Windows Analysis Report
an_api.exe

Overview

General Information

Sample name: an_api.exe
Analysis ID: 1526423
MD5: d8b47bd38c34fc553ec5765b5297db5d
SHA1: 514bef950e36a998fac74c506d1d8123a778dac3
SHA256: 59fe7e6e026da28b275c1fa65ac6f2bb0712793903fe1b77cbe148c15df0c927
Tags: exe, user-aachum
Infos:

Detection

Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
.NET source code contains potential unpacker
.NET source code references suspicious native API functions
AI detected suspicious sample
Allocates memory in foreign processes
Drops large PE files
Injects a PE file into a foreign processes
Sigma detected: Explorer NOUACCHECK Flag
Writes to foreign memory regions
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Compiles C# or VB.Net code
Contains functionality to call native functions
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Launches processes in debugging mode, may be used to hinder debugging
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • an_api.exe (PID: 3644 cmdline: "C:\Users\user\Desktop\an_api.exe" MD5: D8B47BD38C34FC553EC5765B5297DB5D)
    • csc.exe (PID: 7148 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" MD5: EB80BB1CA9B9C7F516FF69AFCFD75B7D)
      • explorer.exe (PID: 4676 cmdline: "C:\Windows\explorer.exe" MD5: 662F4F92FDE3557E86D110526BB578D5)
      • cvtres.exe (PID: 6696 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe" P61I1O 193.142.146.64 8000 O4U27X MD5: 70D838A7DC5B359C3F938A71FAD77DB0)
        • conhost.exe (PID: 7136 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • explorer.exe (PID: 4932 cmdline: C:\Windows\explorer.exe /NoUACCheck MD5: 662F4F92FDE3557E86D110526BB578D5)
  • cleanup
No configs have been found
No yara matches

System Summary

Source: Process started, Author: Florian Roth (Nextron Systems), Data: Command: C:\Windows\explorer.exe /NoUACCheck, CommandLine: C:\Windows\explorer.exe /NoUACCheck, CommandLine|base64offset|contains: y, Image: C:\Windows\explorer.exe, NewProcessName: C:\Windows\explorer.exe, OriginalFileName: C:\Windows\explorer.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 660, ProcessCommandLine: C:\Windows\explorer.exe /NoUACCheck, ProcessId: 4932, ProcessName: explorer.exe
Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split), Data: Details: C:\Users\user\Music\OcoulsUpdater\EyesUpdater.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\an_api.exe, ProcessId: 3644, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OcuulusUpdater
No Suricata rule has matched

AV Detection

Source: an_api.exe, ReversingLabs: Detection: 44%
Source: an_api.exe, Virustotal: Detection: 57%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 99.6% probability
Source: an_api.exe, Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: Binary string: C:\Users\LapTop\Desktop\DLL\obj\Debug\DLL.pdb source: csc.exe, 00000002.00000002.1623463170.00000000068D1000.00000004.00000800.00020000.00000000.sdmp, cvtres.exe, 00000007.00000002.3318711703.0000000000402000.00000040.00000400.00020000.00000000.sdmp
Source: global traffic, TCP traffic: 192.168.2.8:49706 -> 193.142.146.64:8000
Source: unknown, TCP traffic detected without corresponding DNS query: 193.142.146.64
Source: an_api.exe, EyesUpdater.exe.0.dr, String found in binary or memory: http://ascstats.iobit.com/usage.phpU
Source: an_api.exe, EyesUpdater.exe.0.dr, String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: an_api.exe, EyesUpdater.exe.0.dr, String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: an_api.exe, EyesUpdater.exe.0.dr, String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: an_api.exe, EyesUpdater.exe.0.dr, String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: an_api.exe, EyesUpdater.exe.0.dr, String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: an_api.exe, EyesUpdater.exe.0.dr, String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: an_api.exe, EyesUpdater.exe.0.dr, String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: EyesUpdater.exe.0.dr, String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: an_api.exe, EyesUpdater.exe.0.dr, String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: an_api.exe, EyesUpdater.exe.0.dr, String found in binary or memory: http://ocsp.digicert.com0
Source: an_api.exe, EyesUpdater.exe.0.dr, String found in binary or memory: http://ocsp.digicert.com0A
Source: an_api.exe, EyesUpdater.exe.0.dr, String found in binary or memory: http://ocsp.digicert.com0C
Source: an_api.exe, EyesUpdater.exe.0.dr, String found in binary or memory: http://ocsp.digicert.com0X
Source: an_api.exe, EyesUpdater.exe.0.dr, String found in binary or memory: http://piriform.com/go/app_cc_license_agreement
Source: an_api.exe, EyesUpdater.exe.0.dr, String found in binary or memory: http://piriform.com/go/app_cc_privacy_policy
Source: cvtres.exe, 00000007.00000002.3320106410.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: an_api.exe, EyesUpdater.exe.0.dr, String found in binary or memory: http://www.digicert.com/CPS0
Source: an_api.exe, EyesUpdater.exe.0.dr, String found in binary or memory: http://www.piriform.com/ccleaner
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe, Code function: 2_2_04D83728 CreateDesktopW

System Summary

Source: C:\Users\user\Desktop\an_api.exe, File dump: EyesUpdater.exe.0.dr 976635604
Source: C:\Users\user\Desktop\an_api.exe, Code function: 0_2_0042FF22 NtQueryDefaultLocale
Source: C:\Users\user\Desktop\an_api.exe, Code function: 0_2_00430170 NtQueryDefaultLocale
Source: C:\Users\user\Desktop\an_api.exe, Code function: 0_2_0043017F NtQueryDefaultLocale
Source: C:\Users\user\Desktop\an_api.exe, Code function: 0_2_0042F919 NtQueryDefaultLocale
Source: C:\Users\user\Desktop\an_api.exe, Code function: 0_2_0042FA0F NtQueryDefaultLocale
Source: C:\Users\user\Desktop\an_api.exe, Code function: 0_2_0042FADD NtQueryDefaultLocale
Source: C:\Users\user\Desktop\an_api.exe, Code function: 0_2_0042F6BC NtQueryDefaultLocale
Source: an_api.exe, 00000000.00000000.1448812423.00000000006C0000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameScreenShot.exe, vs an_api.exe
Source: an_api.exe, 00000000.00000002.1656328707.0000000002432000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamePHVNC.exe, vs an_api.exe
Source: an_api.exe, 00000000.00000002.1655444562.0000000000724000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameScreenShot.exe, vs an_api.exe
Source: an_api.exe, 00000000.00000002.1655444562.0000000000724000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamePHVNC.exe, vs an_api.exe
Source: an_api.exe Binary or memory string: OriginalFilenameScreenShot.exe, vs an_api.exe
Source: an_api.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: 2.2.csc.exe.68f5888.2.raw.unpack, HVNC.cs Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: 2.2.csc.exe.68f5888.2.raw.unpack, HVNC.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 2.2.csc.exe.68e57ec.1.raw.unpack, HVNC.cs Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: 2.2.csc.exe.68e57ec.1.raw.unpack, HVNC.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: classification engine Classification label: mal80.evad.winEXE@9/3@0/1
Source: C:\Users\user\Desktop\an_api.exe File created: C:\Users\user\Music\OcoulsUpdater
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe Mutant created: NULL
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe Mutant created: \Sessions\1\BaseNamedObjects\O4U27X
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7136:120:WilError_03
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Process created: C:\Windows\explorer.exe
Source: unknown Process created: C:\Windows\explorer.exe
Source: C:\Windows\explorer.exe File read: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\an_api.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: an_api.exe ReversingLabs: Detection: 44%
Source: an_api.exe Virustotal: Detection: 57%
Source: C:\Users\user\Desktop\an_api.exe File read: C:\Users\user\Desktop\an_api.exe
Source: unknown Process created: C:\Users\user\Desktop\an_api.exe "C:\Users\user\Desktop\an_api.exe"
Source: C:\Users\user\Desktop\an_api.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Process created: C:\Windows\explorer.exe "C:\Windows\explorer.exe"
Source: unknown Process created: C:\Windows\explorer.exe C:\Windows\explorer.exe /NoUACCheck
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe" P61I1O 193.142.146.64 8000 O4U27X
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\an_api.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\an_api.exe Section loaded: k7rn7l32.dll
Source: C:\Users\user\Desktop\an_api.exe Section loaded: ntd3ll.dll
Source: C:\Users\user\Desktop\an_api.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\an_api.exe Section loaded: wldp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Section loaded: windows.storage.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Section loaded: wldp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Section loaded: windowscodecs.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Section loaded: cryptbase.dll
Source: C:\Windows\explorer.exe Section loaded: aepic.dll
Source: C:\Windows\explorer.exe Section loaded: twinapi.dll
Source: C:\Windows\explorer.exe Section loaded: userenv.dll
Source: C:\Windows\explorer.exe Section loaded: iphlpapi.dll
Source: C:\Windows\explorer.exe Section loaded: powrprof.dll
Source: C:\Windows\explorer.exe Section loaded: windows.storage.dll
Source: C:\Windows\explorer.exe Section loaded: dxgi.dll
Source: C:\Windows\explorer.exe Section loaded: windows.storage.dll
Source: C:\Windows\explorer.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\explorer.exe Section loaded: propsys.dll
Source: C:\Windows\explorer.exe Section loaded: coremessaging.dll
Source: C:\Windows\explorer.exe Section loaded: urlmon.dll
Source: C:\Windows\explorer.exe Section loaded: windows.storage.dll
Source: C:\Windows\explorer.exe Section loaded: windows.storage.dll
Source: C:\Windows\explorer.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\explorer.exe Section loaded: wtsapi32.dll
Source: C:\Windows\explorer.exe Section loaded: wininet.dll
Source: C:\Windows\explorer.exe Section loaded: uxtheme.dll
Source: C:\Windows\explorer.exe Section loaded: dwmapi.dll
Source: C:\Windows\explorer.exe Section loaded: sspicli.dll
Source: C:\Windows\explorer.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\explorer.exe Section loaded: twinapi.appcore.dll
Source: C:\Windows\explorer.exe Section loaded: ntmarta.dll
Source: C:\Windows\explorer.exe Section loaded: cryptsp.dll
Source: C:\Windows\explorer.exe Section loaded: wldp.dll
Source: C:\Windows\explorer.exe Section loaded: iertutil.dll
Source: C:\Windows\explorer.exe Section loaded: srvcli.dll
Source: C:\Windows\explorer.exe Section loaded: netutils.dll
Source: C:\Windows\explorer.exe Section loaded: umpdc.dll
Source: C:\Windows\explorer.exe Section loaded: ninput.dll
Source: C:\Windows\explorer.exe Section loaded: taskschd.dll
Source: C:\Windows\explorer.exe Section loaded: xmllite.dll
Source: C:\Windows\explorer.exe Section loaded: profapi.dll
Source: C:\Windows\explorer.exe Section loaded: edputil.dll
Source: C:\Windows\explorer.exe Section loaded: apphelp.dll
Source: C:\Windows\explorer.exe Section loaded: appresolver.dll
Source: C:\Windows\explorer.exe Section loaded: bcp47langs.dll
Source: C:\Windows\explorer.exe Section loaded: slc.dll
Source: C:\Windows\explorer.exe Section loaded: sppc.dll
Source: C:\Windows\explorer.exe Section loaded: starttiledata.dll
Source: C:\Windows\explorer.exe Section loaded: usermgrcli.dll
Source: C:\Windows\explorer.exe Section loaded: usermgrproxy.dll
Source: C:\Windows\explorer.exe Section loaded: cscui.dll
Source: C:\Windows\explorer.exe Section loaded: structuredquery.dll
Source: C:\Windows\explorer.exe Section loaded: windows.globalization.dll
Source: C:\Windows\explorer.exe Section loaded: bcp47mrm.dll
Source: C:\Windows\explorer.exe Section loaded: icu.dll
Source: C:\Windows\explorer.exe Section loaded: mswb7.dll
Source: C:\Windows\explorer.exe Section loaded: windows.storage.search.dll
Source: C:\Windows\explorer.exe Section loaded: explorerframe.dll
Source: C:\Windows\explorer.exe Section loaded: actxprxy.dll
Source: C:\Windows\explorer.exe Section loaded: wintypes.dll
Source: C:\Windows\explorer.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe Section loaded: windows.storage.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe Section loaded: wldp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe Section loaded: profapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe Section loaded: mswsock.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe Section loaded: sspicli.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe Section loaded: wbemcomn.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe Section loaded: amsi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe Section loaded: userenv.dll
Source: C:\Windows\explorer.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
Source: an_api.exe Static file information: File size 3604856 > 1048576
Source: an_api.exe Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x2a9200
Source: Binary string: C:\Users\LapTop\Desktop\DLL\obj\Debug\DLL.pdb source: csc.exe, 00000002.00000002.1623463170.00000000068D1000.00000004.00000800.00020000.00000000.sdmp, cvtres.exe, 00000007.00000002.3318711703.0000000000402000.00000040.00000400.00020000.00000000.sdmp

Data Obfuscation

Source: 0.2.an_api.exe.724afa.0.raw.unpack, RunPE.cs .Net Code: Run4 System.Reflection.Assembly.Load(byte[])
Source: C:\Users\user\Desktop\an_api.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe"
Source: C:\Users\user\Desktop\an_api.exe Code function: 0_2_00435E2B push esp; retf 0000h 0_2_00436825
Source: C:\Users\user\Desktop\an_api.exe Code function: 0_2_00428053 push esp; retf 0000h 0_2_00436825
Source: C:\Users\user\Desktop\an_api.exe Code function: 0_2_00426056 push esp; retf 0000h 0_2_00436825
Source: C:\Users\user\Desktop\an_api.exe Code function: 0_2_0042AC5B push esp; retf 0000h 0_2_00436825
Source: C:\Users\user\Desktop\an_api.exe Code function: 0_2_00424C73 push esp; retf 0000h 0_2_00436825
Source: C:\Users\user\Desktop\an_api.exe Code function: 0_2_00425802 push esp; retf 0000h 0_2_00436825
Source: C:\Users\user\Desktop\an_api.exe Code function: 0_2_00424C00 push esp; retf 0000h 0_2_00436825
Source: C:\Users\user\Desktop\an_api.exe Code function: 0_2_00425809 push esp; retf 0000h 0_2_00436825
Source: C:\Users\user\Desktop\an_api.exe Code function: 0_2_0042A81B push esp; retf 0000h 0_2_00436825
Source: C:\Users\user\Desktop\an_api.exe Code function: 0_2_00426032 push esp; retf 0000h 0_2_00436825
Source: C:\Users\user\Desktop\an_api.exe Code function: 0_2_004304C6 push esp; retf 0000h 0_2_00436825
Source: C:\Users\user\Desktop\an_api.exe Code function: 0_2_004258C7 push esp; retf 0000h 0_2_00436825
Source: C:\Users\user\Desktop\an_api.exe Code function: 0_2_004308D5 push esp; retf 0000h 0_2_00436825
Source: C:\Users\user\Desktop\an_api.exe Code function: 0_2_004280D9 push esp; retf 0000h 0_2_00436825
Source: C:\Users\user\Desktop\an_api.exe Code function: 0_2_0042A8FB push esp; retf 0000h 0_2_00436825
Source: C:\Users\user\Desktop\an_api.exe Code function: 0_2_0042A891 push esp; retf 0000h 0_2_00436825
Source: C:\Users\user\Desktop\an_api.exe Code function: 0_2_0042849C push esp; retf 0000h 0_2_00436825
Source: C:\Users\user\Desktop\an_api.exe Code function: 0_2_0042A8A7 push esp; retf 0000h 0_2_00436825
Source: C:\Users\user\Desktop\an_api.exe Code function: 0_2_00434CAC push esp; retf 0000h 0_2_00436825
Source: C:\Users\user\Desktop\an_api.exe Code function: 0_2_004308B4 push esp; retf 0000h 0_2_00436825
Source: C:\Users\user\Desktop\an_api.exe Code function: 0_2_0042A942 push esp; retf 0000h 0_2_00436825
Source: C:\Users\user\Desktop\an_api.exe Code function: 0_2_0042615E push esp; retf 0000h 0_2_00436825
Source: C:\Users\user\Desktop\an_api.exe Code function: 0_2_0042A90A push esp; retf 0000h 0_2_00436825
Source: C:\Users\user\Desktop\an_api.exe Code function: 0_2_00425512 push esp; retf 0000h 0_2_00436825
Source: C:\Users\user\Desktop\an_api.exe Code function: 0_2_00428120 push esp; retf 0000h 0_2_00436825
Source: C:\Users\user\Desktop\an_api.exe Code function: 0_2_0042A12C push esp; retf 0000h 0_2_00436825
Source: C:\Users\user\Desktop\an_api.exe Code function: 0_2_00428139 push esp; retf 0000h 0_2_00436825
Source: C:\Users\user\Desktop\an_api.exe Code function: 0_2_004255CD push esp; retf 0000h 0_2_00436825
Source: C:\Users\user\Desktop\an_api.exe Code function: 0_2_0042A9DA push esp; retf 0000h 0_2_00436825
Source: C:\Users\user\Desktop\an_api.exe Code function: 0_2_004361F1 push esp; retf 0000h 0_2_00436825
Source: C:\Users\user\Desktop\an_api.exe Code function: 0_2_0042A5F5 push esp; retf 0000h 0_2_00436825
Source: C:\Users\user\Desktop\an_api.exe File created: C:\Users\user\Music\OcoulsUpdater\EyesUpdater.exe
Source: C:\Users\user\Desktop\an_api.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run OcuulusUpdater
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Memory allocated: 4D80000 memory reserve | memory write watch
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Memory allocated: 68D0000 memory reserve | memory write watch
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Memory allocated: 88D0000 memory reserve | memory write watch
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe Memory allocated: E20000 memory reserve | memory write watch
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe Memory allocated: 28F0000 memory reserve | memory write watch
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe Memory allocated: 48F0000 memory reserve | memory write watch
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\an_api.exe Dropped PE file which has not been started: C:\Users\user\Music\OcoulsUpdater\EyesUpdater.exe
Source: C:\Users\user\Desktop\an_api.exe API coverage: 5.8 %
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe TID: 4536 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe TID: 5700 Thread sleep time: -40000s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe TID: 3160 Thread sleep count: 50 > 30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe TID: 3160 Thread sleep time: -50000s >= -30000s
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: cvtres.exe, 00000007.00000002.3319029869.0000000000B48000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Process information queried: ProcessInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Process token adjusted: Debug
Source: C:\Users\user\Desktop\an_api.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Memory allocated: page read and write | page guard

HIPS / PFW / Operating System Protection Evasion

Source: 0.2.an_api.exe.724afa.0.raw.unpack, RunPE.csReference to suspicious API methods: Conversions.ToGenericParameter<CreateApi>((object)Marshal.GetDelegateForFunctionPointer(GetProcAddress(LoadLibraryA(ref name), ref method), typeof(CreateApi)))
Source: 0.2.an_api.exe.724afa.0.raw.unpack, RunPE.csReference to suspicious API methods: Conversions.ToGenericParameter<CreateApi>((object)Marshal.GetDelegateForFunctionPointer(GetProcAddress(LoadLibraryA(ref name), ref method), typeof(CreateApi)))
Source: 0.2.an_api.exe.724afa.0.raw.unpack, RunPE.csReference to suspicious API methods: ReadProcessMemory(processInformation.ProcessHandle, num3 + 8, ref buffer, 4, ref bytesRead)
Source: 0.2.an_api.exe.724afa.0.raw.unpack, RunPE.csReference to suspicious API methods: VirtualAllocEx(processInformation.ProcessHandle, num2, length, 12288, 64)
Source: 0.2.an_api.exe.724afa.0.raw.unpack, RunPE.csReference to suspicious API methods: WriteProcessMemory(processInformation.ProcessHandle, num4, data, bufferSize, ref bytesRead)
Source: C:\Users\user\Desktop\an_api.exe Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe base: 2D0000 protect: page execute and read and write
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe base: 400000 protect: page execute and read and write
Source: C:\Users\user\Desktop\an_api.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe base: 2D0000 value starts with: 4D5A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\Desktop\an_api.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe base: 2D0000
Source: C:\Users\user\Desktop\an_api.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe base: 47BF008
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe base: 400000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe base: 402000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe base: 412000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe base: 414000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe base: 601008
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe" P61I1O 193.142.146.64 8000 O4U27X
Source: csc.exe, 00000002.00000002.1623463170.00000000068D1000.00000004.00000800.00020000.00000000.sdmp, cvtres.exe, 00000007.00000002.3318711703.0000000000402000.00000040.00000400.00020000.00000000.sdmp Binary or memory string: Shell_TrayWnd
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: cvtres.exe, 00000007.00000002.3319029869.0000000000BB6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 Create Account | 312 Process Injection | 1 Masquerading | OS Credential Dumping | 21 Security Software Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | 1 Native API | 1 Registry Run Keys / Startup Folder | 1 Registry Run Keys / Startup Folder | 11 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | 1 DLL Side-Loading | 1 DLL Side-Loading | 31 Virtualization/Sandbox Evasion | Security Account Manager | 31 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 312 Process Injection | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 2 Obfuscated Files or Information | LSA Secrets | 12 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Software Packing | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
[Behavior graph] Behavior Graph ID: 1526423, Sample: an_api.exe, Startdate: 05/10/2024, Architecture: WINDOWS, Score: 80
Process chain: an_api.exe started csc.exe; csc.exe started cvtres.exe and explorer.exe; cvtres.exe started conhost.exe. A second explorer.exe was started at the top level.
an_api.exe dropped C:\Users\user\Music\...yesUpdater.exe (PE32). cvtres.exe is linked to 193.142.146.64, 49706, 49708, 49709 (HOSTSLICK-GERMANYNL, Netherlands).
Signatures on an_api.exe: Writes to foreign memory regions; Allocates memory in foreign processes; Drops large PE files; Injects a PE file into a foreign processes. Signatures on csc.exe: Writes to foreign memory regions; Allocates memory in foreign processes; Injects a PE file into a foreign processes.

Source | Detection | Scanner | Label
an_api.exe | 45% | ReversingLabs | Win32.Trojan.Midie
an_api.exe | 58% | Virustotal |
No Antivirus matches
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe
http://piriform.com/go/app_cc_privacy_policy | 0% | Virustotal |
http://piriform.com/go/app_cc_license_agreement | 0% | Virustotal |
http://www.piriform.com/ccleaner | 0% | Virustotal |
http://ascstats.iobit.com/usage.phpU | 0% | Virustotal |
No contacted domains info
Name | Source | Malicious | Antivirus Detection | Reputation
http://piriform.com/go/app_cc_privacy_policy | an_api.exe, EyesUpdater.exe.0.dr | false | | unknown
http://ascstats.iobit.com/usage.phpU | an_api.exe, EyesUpdater.exe.0.dr | false | | unknown
http://www.piriform.com/ccleaner | an_api.exe, EyesUpdater.exe.0.dr | false | | unknown
http://piriform.com/go/app_cc_license_agreement | an_api.exe, EyesUpdater.exe.0.dr | false | | unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | cvtres.exe, 00000007.00000002.3320106410.00000000028F1000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
193.142.146.64 | unknown | Netherlands | 208046 | HOSTSLICK-GERMANYNL | false
Joe Sandbox version:41.0.0 Charoite
Analysis ID:1526423
Start date and time:2024-10-05 16:48:20 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 8m 32s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name:Run with higher sleep bypass
Number of analysed new started processes analysed:12
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:an_api.exe
Detection:MAL
Classification:mal80.evad.winEXE@9/3@0/1
EGA Information:
  • Successful, ratio: 66.7%
HCA Information:
  • Successful, ratio: 88%
  • Number of executed functions: 216
  • Number of non-executed functions: 54
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
  • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
  • Execution Graph export aborted for target cvtres.exe, PID 6696 because it is empty
  • Not all processes where analyzed, report is missing behavior information
  • Report size exceeded maximum capacity and may have missing behavior information.
  • Report size exceeded maximum capacity and may have missing disassembly code.
  • Report size getting too big, too many NtOpenKeyEx calls found.
  • Report size getting too big, too many NtProtectVirtualMemory calls found.
  • Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
10:51:09 | API Interceptor | 34x Sleep call for process: cvtres.exe modified
16:49:35 | Task Scheduler | Run new task: CreateExplorerShellUnelevatedTask path: C:\Windows\explorer.exe s>/NoUACCheck
16:49:44 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run OcuulusUpdater C:\Users\user\Music\OcoulsUpdater\EyesUpdater.exe
16:49:53 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run OcuulusUpdater C:\Users\user\Music\OcoulsUpdater\EyesUpdater.exe
Match | Associated Sample Name / URL | Detection | Threat Name | Context
193.142.146.64 | licarisan_api.exe | malicious | Icarus |
193.142.146.64 | build.exe | malicious | Unknown |
193.142.146.64 | Form-8879_PDF.jar | malicious | Unknown |
193.142.146.64 | Form-8879_PDF.jar | malicious | Unknown |
No context
Match | Associated Sample Name / URL | Detection | Threat Name | Context
HOSTSLICK-GERMANYNL | licarisan_api.exe | malicious | Icarus | 193.142.146.64
HOSTSLICK-GERMANYNL | build.exe | malicious | Unknown | 193.142.146.64
HOSTSLICK-GERMANYNL | ub16vsLP6y.zip | malicious | Remcos | 193.142.146.203
HOSTSLICK-GERMANYNL | ISehgzqm2V.zip | malicious | Remcos | 193.142.146.203
HOSTSLICK-GERMANYNL | Form-8879_PDF.jar | malicious | Unknown | 193.142.146.64
HOSTSLICK-GERMANYNL | Form-8879_PDF.jar | malicious | Unknown | 193.142.146.64
HOSTSLICK-GERMANYNL | bot_library.exe | malicious | Unknown | 193.142.146.43
HOSTSLICK-GERMANYNL | SecuriteInfo.com.ELF.Mirai-CQT.17542.12898.elf | malicious | Mirai | 193.142.146.10
HOSTSLICK-GERMANYNL | arm7.elf | malicious | Unknown | 193.142.146.10
No context
No context
          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
          File Type:ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):706
          Entropy (8bit):5.349842958726647
          Encrypted:false
          SSDEEP:12:Q3La/hz92n4M9tDLI4MWuPTArkvoDLI4MWuCq1KDLI4M9XKbbDLI4MWuPJKAVKhk:MLU84qpE4KiE4Kx1qE4qXKDE4KhKiKhk
          MD5:86CF233CE16FF4D7540CDC53D0B313FF
          SHA1:6968C0B0D1C109D59A72C821AF75A012BB4EDC9E
          SHA-256:F2F3CD07D8D9BED11E44314A9A8E4A835A98B7E627AE7C4666A9B6E37D8D8521
          SHA-512:FA6BF1A4841AFC9C97323F90E9A96CA5DD3ACBB5D7224A77853B8E8FFCB260BA374969CC94A58D30CEA7A0D43D0EEC8AEBD616CA8D6B5E5F6B584BBB9BB93F3F
          Malicious:false
          Reputation:low
          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..
          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
          File Type:ASCII text, with no line terminators
          Category:modified
          Size (bytes):10
          Entropy (8bit):2.446439344671015
          Encrypted:false
          SSDEEP:3:MKV/z:MKBz
          MD5:E27D47991851642F9EDCBA5827441DD5
          SHA1:D2D3C1B59CDE8CA587E7AF6AA565D0B3A6AD69AB
          SHA-256:0736DC7C3FEFD085EC17D24EF7BE290E4447B87A1196397DD3203D7C19EEACED
          SHA-512:BEA4525CFC84C6C666628810723D2A28A2184AEC4F16F8F189425A2D669F62B5F89B00B5035D3B38A94629CF5B0EA5F3A4FD2B224A69C19B4450636AE9989205
          Malicious:false
          Reputation:low
          Preview:10/05/2024
          Process:C:\Users\user\Desktop\an_api.exe
          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):976635604
          Entropy (8bit):0.05263770084266713
          Encrypted:false
          SSDEEP:
          MD5:BEC213FE01EBDFBB381B2F51BAF82A52
          SHA1:6D2CC91D29645FCCBB075C2F19D6CAB71FAB269F
          SHA-256:03AA9197CEC1ABDC26538D9E3141FD48B75FA2A32F1AB49FE8E6F894F7E7571E
          SHA-512:BE5BC63FCF8C04392F1396F4198E8CE517B75EEB9EDB45A970DF7BFAD5F364199EFF7CF2FF041525DEB84AE5D1586DE95EA977677A3CAD7CC4878E7A62162E07
          Malicious:false
          Reputation:low
          Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...m.$a......................,...................@...........................;.......7..........@...............................=......F.*...........6.xO...`...............................P......................d................................text............................... ..`.itext.............................. ..`.data....@.......@..................@....bss.....................................idata...@.......>..................@....tls.........@...........................rdata.......P......................@..@.rsrc...F.*.......*.. ..............@..@.....................................................@......................@..@................................................................................................
          File type:PE32 executable (GUI) Intel 80386, for MS Windows
          Entropy (8bit):6.8033875458884285
          TrID:
          • Win32 Executable (generic) a (10002005/4) 99.94%
          • Win16/32 Executable Delphi generic (2074/23) 0.02%
          • Generic Win/DOS Executable (2004/3) 0.02%
          • DOS Executable Generic (2002/1) 0.02%
          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
          File name:an_api.exe
          File size:3'604'856 bytes
          MD5:d8b47bd38c34fc553ec5765b5297db5d
          SHA1:514bef950e36a998fac74c506d1d8123a778dac3
          SHA256:59fe7e6e026da28b275c1fa65ac6f2bb0712793903fe1b77cbe148c15df0c927
          SHA512:b8f630c43031b1dff4ae68afadebd6691cacf05148c6d21247fc06cbfd569eda100e371cf4f32dbb8a1a1e0fc7fdc16890a121e08e75e1519c115e66ba9940b5
          SSDEEP:49152:gVMxgUgoJUcaqCDxdITcP2MNoSPhaC+1R7JDO95n5c:gV7UgoJUBZgoP2MNBajv8955c
          TLSH:BDF57C51E211D80ED02A2678C077CDF17622AD38D4748713BEAE7C777B75BA01A1CAE6
          File Content Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................
          Icon Hash:3b71d48cc8c86907
          Entrypoint:0x4aac88
          Entrypoint Section:.itext
          Digitally signed:true
          Imagebase:0x400000
          Subsystem:windows gui
          Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
          DLL Characteristics:
          Time Stamp:0x6124A66D [Tue Aug 24 07:57:33 2021 UTC]
          TLS Callbacks:
          CLR (.Net) Version:
          OS Version Major:5
          OS Version Minor:0
          File Version Major:5
          File Version Minor:0
          Subsystem Version Major:5
          Subsystem Version Minor:0
          Import Hash:33e003ddaff3bc71480e8cb946f52917
          Signature Valid:
          Signature Issuer:
          Signature Validation Error:
          Error Number:
          Not Before, Not After
            Subject Chain
              Version:
              Thumbprint MD5:
              Thumbprint SHA-1:
              Thumbprint SHA-256:
              Serial:
              Instruction
              push ebp
              mov ebp, esp
              add esp, FFFFFFF0h
              mov eax, 004A98E4h
              call 00007FB8F0B2D089h
              call 00007FB8F0BD52ACh
              mov eax, dword ptr [004F2830h]
              mov eax, dword ptr [eax]
              call 00007FB8F0B322BCh
              mov eax, dword ptr [004F2830h]
              mov eax, dword ptr [eax]
              mov dl, 01h
              call 00007FB8F0B322FEh
              mov ecx, dword ptr [004AED4Ch]
              mov eax, dword ptr [004F2830h]
              mov eax, dword ptr [eax]
              mov edx, dword ptr [004A9528h]
              call 00007FB8F0B3229Eh
              mov eax, dword ptr [004F2830h]
              mov eax, dword ptr [eax]
              call 00007FB8F0B3229Ah
              call 00007FB8F0B2CCEDh
              add byte ptr [eax], al    ; this instruction repeats 56 times in a row
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xf0000 | 0x13dee | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x110000 | 0x2a9046 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x36b600 | 0x4f78 | .rsrc
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x106000 | 0x95f8 | .rdata
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x105000 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0xf1f64 | 0x1a00 | .idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0xa9000 | 0xa8e00 | b6345467ee85dd7097ee84ae3eaaf44d | False | 0.4634761287934863 | data | 6.6366006981501595 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.itext | 0xaa000 | 0x1000 | 0xe00 | 47f13ebf2c1d7f5f845d183af3921c70 | False | 0.533203125 | data | 5.726454537490657 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data | 0xab000 | 0x4000 | 0x4000 | 50b772b21b84466c3b21a7e6d5fd0748 | False | 0.48486328125 | DOS executable (block device driver) | 5.33588059365472 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.bss | 0xaf000 | 0x41000 | 0x41000 | 513135b4c6487bca867d615455634c4d | False | 0.6882662259615384 | data | 7.410467622829767 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0xf0000 | 0x14000 | 0x13e00 | a6fdfc22de58e230668e6140af18f713 | False | 0.20748575078616352 | data | 5.442044496747251 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls | 0x104000 | 0x1000 | 0x1000 | 23a516eee44fe9d482d78f4329d3baa2 | False | 0.392822265625 | data | 4.09924522772341 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata | 0x105000 | 0xb000 | 0x200 | 7630f45a6a5af0e127c28e46ae9ee2bb | False | 0.05078125 | data | 0.18415065608732903 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x110000 | 0x2a9046 | 0x2a9200 | aa0435b87b899984986e67aae0721676 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
              NameRVASizeTypeLanguageCountryZLIB Complexity
              MAD0x11529c0x14data1.25
              MAD0x1152b00x10ea4data1.0004474337509381
              PNG0x1261540x269bPNG image data, 340 x 205, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9596276434281089
              PNG0x1287f00x2248PNG image data, 340 x 205, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9644484958979034
              PNG0x12aa380x1915PNG image data, 340 x 205, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9484503971344027
              PNG0x12c3500x2114PNG image data, 340 x 205, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9636277751535192
              PNG0x12e4640x18fPNG image data, 19 x 18, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0275689223057645
              PNG0x12e5f40x238PNG image data, 19 x 18, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0193661971830985
              PNG0x12e82c0x5059PNG image data, 205 x 45, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.996159268802567
              PNG0x1338880x219PNG image data, 19 x 18, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0204841713221602
              PNG0x133aa40x258PNG image data, 19 x 18, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0183333333333333
              PNG0x133cfc0x203PNG image data, 40 x 40, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0155339805825243
              PNG0x133f000x358PNG image data, 40 x 40, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0128504672897196
              PNG0x1342580x153PNG image data, 40 x 40, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9911504424778761
              PNG0x1343ac0x34aPNG image data, 40 x 40, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.013064133016627
              PNG0x1346f80x2c6PNG image data, 40 x 40, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0154929577464789
              PNG0x1349c00x114ePNG image data, 49 x 46, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0024830699774265
              PNG0x135b100x18a8PNG image data, 61 x 57, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.001742712294043
              PNG0x1373b80x1e62PNG image data, 73 x 69, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.001414245307277
              PNG0x13921c0x30a5PNG image data, 98 x 92, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.000883321288043
              PNG0x13c2c40x475dPNG image data, 122 x 115, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0008758005364278
              PNG0x140a240x6328PNG image data, 206 x 48, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.44425622439331863
              PNG0x146d4c0x608PNG image data, 60 x 60, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0071243523316062
              PNG0x1473540x801PNG image data, 60 x 60, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0053684724255734
              PNG0x147b580x782PNG image data, 60 x 60, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.005723204994797
              PNG0x1482dc0x7c3PNG image data, 60 x 60, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0055359838953195
              PNG0x148aa00x3f16PNG image data, 490 x 270, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9763467492260062
              PNG0x14c9b80x7b96PNG image data, 205 x 257, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9983564068525191
              PNG0x1545500x27fePNG image data, 768 x 64, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9854463762453605
              PNG0x156d500x13dPNG image data, 16 x 16, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.003154574132492
              PNG0x156e900x167PNG image data, 20 x 20, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0139275766016713
              PNG0x156ff80x182PNG image data, 24 x 24, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0129533678756477
              PNG0x15717c0x197PNG image data, 32 x 32, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0171990171990173
              PNG0x1573140x213PNG image data, 40 x 40, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0207156308851224
              PNG0x1575280x1ffPNG image data, 20 x 20, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0215264187866928
              PNG0x1577280x268PNG image data, 25 x 25, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0178571428571428
              PNG0x1579900x2baPNG image data, 30 x 30, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.015759312320917
              PNG0x157c4c0x41dPNG image data, 50 x 50, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0104463437796771
              PNG0x15806c0x4fbPNG image data, 60 x 60, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.008627450980392
              PNG0x1585680x6b0PNG image data, 80 x 80, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0064252336448598
              PNG0x158c180x896PNG image data, 100 x 100, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0050045495905369
              PNG0x1594b00x21ePNG image data, 50 x 50, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0018450184501846
              PNG0x1596d00x253PNG image data, 60 x 60, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0033613445378151
              PNG0x1599240x275PNG image data, 80 x 80, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.8712241653418124
              PNG0x159b9c0x39ePNG image data, 100 x 100, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.8704103671706264
              PNG0x159f3c0x286PNG image data, 50 x 50, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.0170278637770898
              PNG0x15a1c40x2efPNG image data, 60 x 60, 8-bit/color RGBA, non-interlacedEnglishGreat Britain1.014647137150466
              PNG0x15a4b40x3eePNG image data, 80 x 80, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9701789264413518
              PNG0x15a8a40x4d2PNG image data, 100 x 100, 8-bit/color RGBA, non-interlacedEnglishGreat Britain0.9619124797406807
              RT_DIALOG0x2e9b500x1e4dataEnglishGreat Britain0.5206611570247934
              RT_DIALOG0x2e9d340x33cdataEnglishGreat Britain0.358695652173913
              RT_DIALOG0x2ea0700x6b6dataEnglishGreat Britain0.3911525029103609
              RT_DIALOG0x2ea7280x1a4dataEnglishGreat Britain0.5166666666666667
              RT_DIALOG0x2ea8cc0x1cedataEnglishGreat Britain0.48268398268398266
              RT_DIALOG0x2eaa9c0x4e4dataEnglishGreat Britain0.40814696485623003
              RT_DIALOG0x2eaf800x57edataEnglishGreat Britain0.4139402560455192
              RT_DIALOG0x2eb5000x54dataEnglishGreat Britain0.8095238095238095
              RT_DIALOG0x2eb5540xe0dataEnglishGreat Britain0.6517857142857143
              RT_DIALOG0x2eb6340x29adataEnglishGreat Britain0.47297297297297297
              RT_DIALOG0x2eb8d00xdcdataEnglishGreat Britain0.6363636363636364
              RT_DIALOG0x2eb9ac0x70dataEnglishGreat Britain0.7857142857142857
              RT_DIALOG0x2eba1c0x1cedataEnglishGreat Britain0.48484848484848486
              RT_DIALOG0x2ebbec0x180dataEnglishGreat Britain0.5755208333333334
              RT_DIALOG0x2ebd6c0x230dataEnglishGreat Britain0.4446428571428571
              RT_DIALOG0x2ebf9c0xc4dataEnglishGreat Britain0.7244897959183674
              RT_DIALOG0x2ec0600x14cdataEnglishGreat Britain0.5993975903614458
              RT_DIALOG0x2ec1ac0x462dataEnglishGreat Britain0.43137254901960786
              RT_DIALOG0x2ec6100x468dataEnglishGreat Britain0.43351063829787234
              RT_DIALOG0x2eca780x224dataEnglishGreat Britain0.5091240875912408
              RT_DIALOG0x2ecc9c0x286dataEnglishGreat Britain0.5046439628482973
              RT_DIALOG0x2ecf240x1e8dataEnglishGreat Britain0.5758196721311475
              RT_DIALOG0x2ed10c0xc8dBase III DBT, next free block index 4294901761EnglishGreat Britain0.665
              RT_DIALOG0x2ed1d40x938dataEnglishGreat Britain0.3771186440677966
              RT_DIALOG0x2edb0c0x462dataEnglishGreat Britain0.446524064171123
              RT_DIALOG0x2edf700x48adataEnglishGreat Britain0.3717728055077453
              RT_DIALOG0x2ee3fc0x34dataEnglishGreat Britain0.9038461538461539
              RT_DIALOG0x2ee4300x336dataEnglishGreat Britain0.38929440389294406
              RT_DIALOG0x2ee7680x462dataEnglishGreat Britain0.44563279857397503
              RT_DIALOG0x2eebcc0xd6dBase III DBT, next free block index 4294901761EnglishGreat Britain0.7009345794392523
              RT_DIALOG0x2eeca40x37cdataEnglishGreat Britain0.4461883408071749
              RT_DIALOG0x2ef0200xd4dataEnglishGreat Britain0.6037735849056604
              RT_DIALOG0x2ef0f40x2c8dataEnglishGreat Britain0.44662921348314605
              RT_DIALOG0x2ef3bc0x1a2dataEnglishGreat Britain0.5239234449760766
              RT_DIALOG0x2ef5600x186dataEnglishGreat Britain0.5948717948717949
              RT_DIALOG0x2ef6e80x3b4dataEnglishGreat Britain0.4588607594936709
              RT_DIALOG0x2efa9c0x38adataEnglishGreat Britain0.45916114790286977
              RT_DIALOG0x2efe280x3c8dataEnglishGreat Britain0.3894628099173554
              RT_DIALOG0x2f01f00x428dataEnglishGreat Britain0.36654135338345867
              RT_DIALOG0x2f06180x92dataEnglishGreat Britain0.6027397260273972
              RT_DIALOG0x2f06ac0x39cdataEnglishGreat Britain0.4090909090909091
              RT_DIALOG0x2f0a480x248dataEnglishGreat Britain0.488013698630137
              RT_DIALOG0x2f0c900x51cdataEnglishGreat Britain0.4258409785932722
              RT_DIALOG0x2f11ac0x558dataEnglishGreat Britain0.4159356725146199
              RT_DIALOG0x2f17040x4fedataEnglishGreat Britain0.4460093896713615
              RT_DIALOG0x2f1c040x544dataEnglishGreat Britain0.41839762611275966
              RT_DIALOG0x2f21480x454dataEnglishGreat Britain0.4575812274368231
              RT_DIALOG0x2f259c0x144dataEnglishGreat Britain0.6172839506172839
              RT_DIALOG0x2f26e00x514dataEnglishGreat Britain0.4276923076923077
              RT_DIALOG0x2f2bf40x248dataEnglishGreat Britain0.4674657534246575
              RT_DIALOG0x2f2e3c0x1dcdataEnglishGreat Britain0.5189075630252101
              RT_DIALOG0x2f30180xfcdataEnglishGreat Britain0.6746031746031746
              RT_DIALOG0x2f31140x40dataEnglishGreat Britain0.875
              RT_DIALOG0x2f31540x334dataEnglishGreat Britain0.44390243902439025
              RT_STRING0x2f34880x2b4data0.47398843930635837
              RT_STRING0x2f373c0xbe0data0.24243421052631578
              RT_RCDATA0x2f431c0x10data1.5
              RT_RCDATA0x2f432c0x3acdata0.7042553191489361
              RT_RCDATA0x2f46d80x140Delphi compiled form 'TFormMain'0.740625
              RT_RCDATA0x2f48180xb90Delphi compiled form 'TMadExcept'0.47297297297297297
              RT_RCDATA0x2f53a80x34eDelphi compiled form 'TMEContactForm'0.43498817966903075
              RT_RCDATA0x2f56f80x228Delphi compiled form 'TMEDetailsForm'0.5416666666666666
              RT_RCDATA0x2f59200x2a3Delphi compiled form 'TMEScrShotForm'0.5333333333333333
              RT_RCDATA0x2f5bc40x507Delphi compiled form 'TNoticForm'0.5003885003885004
              RT_RCDATA0x2f60cc0x2c634Delphi compiled form 'TScreenShotMainForm'0.26612654830264226
              RT_RCDATA0x3227000x20a2Delphi compiled form 'TTipForm'0.3003351687814221
              RT_GROUP_ICON0x3247a40x14dataChineseChina1.15
              RT_VERSION0x3247b80x30cdataEnglishUnited States0.4564102564102564
              RT_DLGINCLUDE0x324ac40xf436PC bitmap, Windows 3.x format, 8436 x 2 x 51, image size 63287, cbSize 62518, bits offset 540.9213346556191817
              RT_ANIICON0x333efc0xdb5bPC bitmap, Windows 3.x format, 7600 x 2 x 39, image size 56797, cbSize 56155, bits offset 540.3993411094292583
              RT_ANIICON0x341a580x916cPC bitmap, Windows 3.x format, 4737 x 2 x 47, image size 37231, cbSize 37228, bits offset 540.3930643601590201
              RT_ANIICON0x34abc40x9f2dPC bitmap, Windows 3.x format, 5290 x 2 x 47, image size 41201, cbSize 40749, bits offset 540.41745809713121795
              RT_ANIICON0x354af40x35514PC bitmap, Windows 3.x format, 27750 x 2 x 41, image size 219036, cbSize 218388, bits offset 540.4682720662307453
              RT_ANIICON0x38a0080x2ecebPC bitmap, Windows 3.x format, 24404 x 2 x 49, image size 192574, cbSize 191723, bits offset 540.4801041085315794
              RT_MANIFEST0x3b8cf40x352XML 1.0 document, ASCII text, with CRLF line terminatorsChineseChina0.48
              DLL | Import
              gdi32.dll | TextOutW, StretchDIBits, StretchBlt, SetWindowOrgEx, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixelV, SetPixel, SetDIBitsToDevice, SetDIBits, SetBkMode, SetBkColor, SelectPalette, SelectObject, SelectClipRgn, SaveDC, RoundRect, RestoreDC, ResizePalette, Rectangle, RectVisible, RealizePalette, Polyline, OffsetViewportOrgEx, MoveToEx, LineTo, IntersectClipRect, GetViewportOrgEx, GetTextMetricsW, GetTextExtentPoint32W, GetTextExtentExPointW, GetTextColor, GetTextAlign, GetStockObject, GetROP2, GetPixel, GetPaletteEntries, GetObjectType, GetObjectW, GetNearestPaletteIndex, GetDeviceCaps, GetDIBits, GetCurrentPositionEx, GetCurrentObject, GetClipBox, GetBkMode, GetBkColor, ExtTextOutW, ExcludeClipRect, Ellipse, DeleteObject, DeleteDC, CreateRoundRectRgn, CreateRectRgn, CreatePolygonRgn, CreatePenIndirect, CreatePen, CreatePalette, CreateHalftonePalette, CreateFontIndirectW, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CombineRgn, BitBlt
              kernel32.dll | lstrcmpW, WriteProcessMemory, WritePrivateProfileStringW, WriteFile, WaitForSingleObject, VirtualQuery, VirtualProtect, UnmapViewOfFile, TerminateProcess, SystemTimeToFileTime, Sleep, ReadProcessMemory, QueryDosDeviceW, OutputDebugStringW, OpenProcess, MulDiv, MapViewOfFile, LocalFree, LocalAlloc, LoadLibraryW, LeaveCriticalSection, IsBadCodePtr, InitializeCriticalSection, HeapFree, HeapDestroy, HeapAlloc, GlobalUnlock, GlobalMemoryStatus, GlobalHandle, GlobalLock, GlobalGetAtomNameW, GlobalFree, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomW, GetWindowsDirectoryW, GetVersionExW, GetVersion, GetTickCount, GetTempPathW, GetSystemTime, GetSystemInfo, GetSystemDirectoryW, GetProcessTimes, GetProcAddress, GetPrivateProfileStringW, GetPriorityClass, GetModuleHandleW, GetModuleFileNameW, GetLogicalDriveStringsW, GetLastError, GetDriveTypeW, GetDiskFreeSpaceExW, GetCurrentThreadId, GetCurrentProcess, InterlockedIncrement, InterlockedExchangeAdd, InterlockedExchange, InterlockedDecrement, InterlockedCompareExchange, FreeLibrary, FlushInstructionCache, FileTimeToSystemTime, EnterCriticalSection, CreateMutexW, CreateFileMappingW, CreateFileW, CopyFileW, CloseHandle
              advapi32.dll | RegQueryValueExW, RegOpenKeyExW, RegFlushKey, RegCloseKey, OpenProcessToken, LookupPrivilegeValueW, GetUserNameW, AdjustTokenPrivileges
              shell32.dll | SHGetFileInfoW, ExtractIconW
              shell32.dll | SHGetSpecialFolderPathW, SHGetPathFromIDListW, SHBrowseForFolderW
              ole32.dll | CoCreateInstance
              comctl32.dll | _TrackMouseEvent, ImageList_GetIconSize, ImageList_Draw
              Kernel32.dll | GetLongPathNameW
              kernel32.dll | Sleep
              ole32.dll | IsEqualGUID
              comctl32.dll | ImageList_GetIconSize
              user32.dll | PrivateExtractIconsW
              kernel32.dll | VerSetConditionMask, VerifyVersionInfoW
              Language of compilation system | Country where language is spoken | Map
              English | Great Britain |
              English | Canada |
              Chinese | China |
              English | United States |
              Timestamp | Source Port | Dest Port | Source IP | Dest IP
              Oct 5, 2024 16:50:46.833880901 CEST498058000192.168.2.8193.142.146.64
              Oct 5, 2024 16:50:46.834330082 CEST498058000192.168.2.8193.142.146.64
              Oct 5, 2024 16:50:46.839118004 CEST800049805193.142.146.64192.168.2.8
              Oct 5, 2024 16:50:46.839179039 CEST498058000192.168.2.8193.142.146.64
              Oct 5, 2024 16:50:46.844166994 CEST800049805193.142.146.64192.168.2.8
              Oct 5, 2024 16:50:48.455553055 CEST800049805193.142.146.64192.168.2.8
              Oct 5, 2024 16:50:48.455624104 CEST498058000192.168.2.8193.142.146.64
              Oct 5, 2024 16:50:48.455811977 CEST498058000192.168.2.8193.142.146.64
              Oct 5, 2024 16:50:48.460525990 CEST800049805193.142.146.64192.168.2.8
              Oct 5, 2024 16:50:49.469645977 CEST498218000192.168.2.8193.142.146.64
              Oct 5, 2024 16:50:49.475509882 CEST800049821193.142.146.64192.168.2.8
              Oct 5, 2024 16:50:49.475581884 CEST498218000192.168.2.8193.142.146.64
              Oct 5, 2024 16:50:49.476171017 CEST498218000192.168.2.8193.142.146.64
              Oct 5, 2024 16:50:49.480959892 CEST800049821193.142.146.64192.168.2.8
              Oct 5, 2024 16:50:49.481019020 CEST498218000192.168.2.8193.142.146.64
              Oct 5, 2024 16:50:49.485972881 CEST800049821193.142.146.64192.168.2.8
              Oct 5, 2024 16:50:51.094677925 CEST800049821193.142.146.64192.168.2.8
              Oct 5, 2024 16:50:51.094830990 CEST498218000192.168.2.8193.142.146.64
              Oct 5, 2024 16:50:51.096606016 CEST498218000192.168.2.8193.142.146.64
              Oct 5, 2024 16:50:51.101511955 CEST800049821193.142.146.64192.168.2.8
              Oct 5, 2024 16:50:52.110162020 CEST498418000192.168.2.8193.142.146.64
              Oct 5, 2024 16:50:52.123354912 CEST800049841193.142.146.64192.168.2.8
              Oct 5, 2024 16:50:52.123415947 CEST498418000192.168.2.8193.142.146.64
              Oct 5, 2024 16:50:52.124125957 CEST498418000192.168.2.8193.142.146.64
              Oct 5, 2024 16:50:52.130985975 CEST800049841193.142.146.64192.168.2.8
              Oct 5, 2024 16:50:52.131047964 CEST498418000192.168.2.8193.142.146.64
              Oct 5, 2024 16:50:52.137043953 CEST800049841193.142.146.64192.168.2.8
              Oct 5, 2024 16:50:53.758024931 CEST800049841193.142.146.64192.168.2.8
              Oct 5, 2024 16:50:53.758219957 CEST498418000192.168.2.8193.142.146.64
              Oct 5, 2024 16:50:53.758394957 CEST498418000192.168.2.8193.142.146.64
              Oct 5, 2024 16:50:53.765168905 CEST800049841193.142.146.64192.168.2.8
              Oct 5, 2024 16:50:54.766515970 CEST498568000192.168.2.8193.142.146.64
              Oct 5, 2024 16:50:54.772161007 CEST800049856193.142.146.64192.168.2.8
              Oct 5, 2024 16:50:54.772254944 CEST498568000192.168.2.8193.142.146.64
              Oct 5, 2024 16:50:54.772923946 CEST498568000192.168.2.8193.142.146.64
              Oct 5, 2024 16:50:54.779537916 CEST800049856193.142.146.64192.168.2.8
              Oct 5, 2024 16:50:54.779659033 CEST498568000192.168.2.8193.142.146.64
              Oct 5, 2024 16:50:54.786358118 CEST800049856193.142.146.64192.168.2.8
              Oct 5, 2024 16:50:56.398797989 CEST800049856193.142.146.64192.168.2.8
              Oct 5, 2024 16:50:56.398874044 CEST498568000192.168.2.8193.142.146.64
              Oct 5, 2024 16:50:56.399080038 CEST498568000192.168.2.8193.142.146.64
              Oct 5, 2024 16:50:56.403918982 CEST800049856193.142.146.64192.168.2.8
              Oct 5, 2024 16:50:57.407252073 CEST498748000192.168.2.8193.142.146.64
              Oct 5, 2024 16:50:57.412414074 CEST800049874193.142.146.64192.168.2.8
              Oct 5, 2024 16:50:57.412503004 CEST498748000192.168.2.8193.142.146.64
              Oct 5, 2024 16:50:57.412983894 CEST498748000192.168.2.8193.142.146.64
              Oct 5, 2024 16:50:57.417824984 CEST800049874193.142.146.64192.168.2.8
              Oct 5, 2024 16:50:57.417886019 CEST498748000192.168.2.8193.142.146.64
              Oct 5, 2024 16:50:57.422935963 CEST800049874193.142.146.64192.168.2.8
              Oct 5, 2024 16:50:59.032792091 CEST800049874193.142.146.64192.168.2.8
              Oct 5, 2024 16:50:59.032907009 CEST498748000192.168.2.8193.142.146.64
              Oct 5, 2024 16:50:59.033788919 CEST498748000192.168.2.8193.142.146.64
              Oct 5, 2024 16:50:59.038650990 CEST800049874193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:00.047833920 CEST498868000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:00.053020954 CEST800049886193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:00.053137064 CEST498868000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:00.053710938 CEST498868000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:00.058425903 CEST800049886193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:00.058495045 CEST498868000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:00.063288927 CEST800049886193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:01.692553997 CEST800049886193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:01.692640066 CEST498868000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:01.692948103 CEST498868000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:01.697876930 CEST800049886193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:02.704036951 CEST499028000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:02.709060907 CEST800049902193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:02.709141970 CEST499028000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:02.709908962 CEST499028000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:02.714869022 CEST800049902193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:02.714925051 CEST499028000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:02.719790936 CEST800049902193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:04.329298973 CEST800049902193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:04.330106020 CEST499028000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:04.330622911 CEST499028000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:04.335432053 CEST800049902193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:05.344727039 CEST499158000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:05.349741936 CEST800049915193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:05.350111008 CEST499158000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:05.350604057 CEST499158000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:05.355443001 CEST800049915193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:05.358128071 CEST499158000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:05.363734007 CEST800049915193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:06.987337112 CEST800049915193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:06.987608910 CEST499158000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:06.987868071 CEST499158000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:06.992748022 CEST800049915193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:08.000955105 CEST499328000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:08.006844044 CEST800049932193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:08.006933928 CEST499328000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:08.007630110 CEST499328000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:08.013972998 CEST800049932193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:08.014040947 CEST499328000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:08.019350052 CEST800049932193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:09.626362085 CEST800049932193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:09.626537085 CEST499328000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:09.626749992 CEST499328000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:09.631618977 CEST800049932193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:10.594635963 CEST499508000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:10.599678040 CEST800049950193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:10.599757910 CEST499508000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:10.600478888 CEST499508000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:10.605304003 CEST800049950193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:10.605361938 CEST499508000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:10.611247063 CEST800049950193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:12.225079060 CEST800049950193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:12.225186110 CEST499508000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:12.225516081 CEST499508000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:12.230384111 CEST800049950193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:13.172827959 CEST499668000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:13.179727077 CEST800049966193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:13.179814100 CEST499668000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:13.180485010 CEST499668000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:13.185519934 CEST800049966193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:13.185600996 CEST499668000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:13.191468000 CEST800049966193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:14.797776937 CEST800049966193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:14.797907114 CEST499668000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:14.798703909 CEST499668000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:14.803807020 CEST800049966193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:15.704669952 CEST499848000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:15.709585905 CEST800049984193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:15.710990906 CEST499848000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:15.711657047 CEST499848000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:15.716522932 CEST800049984193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:15.718139887 CEST499848000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:15.723129034 CEST800049984193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:17.329545975 CEST800049984193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:17.329607964 CEST499848000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:17.329853058 CEST499848000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:17.334640026 CEST800049984193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:18.204155922 CEST500008000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:18.255714893 CEST800050000193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:18.255805016 CEST500008000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:18.256930113 CEST500008000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:18.264081955 CEST800050000193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:18.264306068 CEST500008000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:18.270850897 CEST800050000193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:19.878101110 CEST800050000193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:19.878329992 CEST500008000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:19.878526926 CEST500008000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:19.883281946 CEST800050000193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:20.735354900 CEST500138000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:20.740642071 CEST800050013193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:20.742141008 CEST500138000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:20.742693901 CEST500138000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:20.747476101 CEST800050013193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:20.748127937 CEST500138000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:20.753505945 CEST800050013193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:22.362782001 CEST800050013193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:22.366244078 CEST500138000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:22.366744995 CEST500138000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:22.371582031 CEST800050013193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:23.188540936 CEST500148000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:23.194978952 CEST800050014193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:23.195091009 CEST500148000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:23.195713043 CEST500148000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:23.203762054 CEST800050014193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:23.203840971 CEST500148000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:23.217051029 CEST800050014193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:24.824289083 CEST800050014193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:24.824527025 CEST500148000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:24.824606895 CEST500148000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:24.829761028 CEST800050014193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:25.626055956 CEST500158000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:25.631206989 CEST800050015193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:25.631318092 CEST500158000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:25.631874084 CEST500158000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:25.636889935 CEST800050015193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:25.636969090 CEST500158000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:25.642726898 CEST800050015193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:27.251806974 CEST800050015193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:27.251879930 CEST500158000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:27.252051115 CEST500158000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:27.256989002 CEST800050015193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:28.018901110 CEST500168000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:28.024463892 CEST800050016193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:28.024559021 CEST500168000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:28.028490067 CEST500168000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:28.033461094 CEST800050016193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:28.033587933 CEST500168000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:28.038472891 CEST800050016193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:29.658217907 CEST800050016193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:29.658337116 CEST500168000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:29.658545971 CEST500168000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:29.663301945 CEST800050016193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:30.407366991 CEST500178000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:30.412658930 CEST800050017193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:30.412767887 CEST500178000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:30.413436890 CEST500178000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:30.418199062 CEST800050017193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:30.418267012 CEST500178000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:30.423516989 CEST800050017193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:32.049341917 CEST800050017193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:32.049454927 CEST500178000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:32.049648046 CEST500178000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:32.054404020 CEST800050017193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:32.766592026 CEST500188000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:32.771532059 CEST800050018193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:32.771640062 CEST500188000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:32.772205114 CEST500188000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:32.777018070 CEST800050018193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:32.777070045 CEST500188000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:32.781888962 CEST800050018193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:35.068434954 CEST800050018193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:35.068484068 CEST500188000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:35.068682909 CEST500188000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:35.068855047 CEST800050018193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:35.068892956 CEST500188000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:35.069224119 CEST800050018193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:35.069261074 CEST500188000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:35.074466944 CEST800050018193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:35.767921925 CEST500198000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:35.772844076 CEST800050019193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:35.773000002 CEST500198000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:35.778075933 CEST500198000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:35.782840967 CEST800050019193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:35.782900095 CEST500198000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:35.787655115 CEST800050019193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:37.409033060 CEST800050019193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:37.409174919 CEST500198000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:37.409603119 CEST500198000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:37.416142941 CEST800050019193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:38.079046965 CEST500208000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:38.084199905 CEST800050020193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:38.084286928 CEST500208000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:38.084837914 CEST500208000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:38.089560032 CEST800050020193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:38.089638948 CEST500208000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:38.094439030 CEST800050020193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:39.726061106 CEST800050020193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:39.726165056 CEST500208000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:39.726396084 CEST500208000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:39.731198072 CEST800050020193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:40.376477003 CEST500218000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:40.385281086 CEST800050021193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:40.385395050 CEST500218000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:40.386008024 CEST500218000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:40.390995979 CEST800050021193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:40.391051054 CEST500218000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:40.395889044 CEST800050021193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:42.018161058 CEST800050021193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:42.018251896 CEST500218000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:42.018517017 CEST500218000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:42.024456024 CEST800050021193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:42.644773960 CEST500228000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:42.650248051 CEST800050022193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:42.650330067 CEST500228000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:42.650973082 CEST500228000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:42.655869961 CEST800050022193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:42.655991077 CEST500228000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:42.660940886 CEST800050022193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:44.267342091 CEST800050022193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:44.267453909 CEST500228000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:44.267694950 CEST500228000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:44.272948027 CEST800050022193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:44.876058102 CEST500238000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:44.881067991 CEST800050023193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:44.881179094 CEST500238000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:44.881792068 CEST500238000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:44.886605978 CEST800050023193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:44.886662006 CEST500238000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:44.891454935 CEST800050023193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:46.517688990 CEST800050023193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:46.517759085 CEST500238000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:46.517976046 CEST500238000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:46.522797108 CEST800050023193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:47.110594034 CEST500248000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:47.115678072 CEST800050024193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:47.115797997 CEST500248000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:47.119544983 CEST500248000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:47.124373913 CEST800050024193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:47.124533892 CEST500248000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:47.129395962 CEST800050024193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:48.738410950 CEST800050024193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:48.738514900 CEST500248000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:48.738763094 CEST500248000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:48.743479967 CEST800050024193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:49.315336943 CEST500258000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:49.320388079 CEST800050025193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:49.320466995 CEST500258000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:49.323215961 CEST500258000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:49.327991009 CEST800050025193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:49.328058958 CEST500258000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:49.332851887 CEST800050025193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:51.008935928 CEST800050025193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:51.009011030 CEST500258000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:51.009198904 CEST500258000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:51.013986111 CEST800050025193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:51.563604116 CEST500268000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:51.568552971 CEST800050026193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:51.568669081 CEST500268000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:51.570044994 CEST500268000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:51.575069904 CEST800050026193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:51.575136900 CEST500268000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:51.580045938 CEST800050026193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:53.304438114 CEST800050026193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:53.304589033 CEST500268000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:53.304894924 CEST500268000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:53.309967041 CEST800050026193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:53.845664024 CEST500278000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:53.850689888 CEST800050027193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:53.850778103 CEST500278000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:53.851398945 CEST500278000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:53.856177092 CEST800050027193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:53.856245995 CEST500278000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:53.861001015 CEST800050027193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:55.501914978 CEST800050027193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:55.501991987 CEST500278000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:55.502207041 CEST500278000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:55.507045984 CEST800050027193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:56.016580105 CEST500288000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:56.021811962 CEST800050028193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:56.021909952 CEST500288000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:56.022495985 CEST500288000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:56.027539015 CEST800050028193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:56.027618885 CEST500288000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:56.032464981 CEST800050028193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:57.649760962 CEST800050028193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:57.649931908 CEST500288000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:57.650636911 CEST500288000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:57.657422066 CEST800050028193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:58.141946077 CEST500298000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:58.280355930 CEST800050029193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:58.280488968 CEST500298000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:58.282103062 CEST500298000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:58.287396908 CEST800050029193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:58.287488937 CEST500298000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:58.292500019 CEST800050029193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:59.928915024 CEST800050029193.142.146.64192.168.2.8
              Oct 5, 2024 16:51:59.929056883 CEST500298000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:59.932308912 CEST500298000192.168.2.8193.142.146.64
              Oct 5, 2024 16:51:59.937686920 CEST800050029193.142.146.64192.168.2.8
              Oct 5, 2024 16:52:00.408523083 CEST500308000192.168.2.8193.142.146.64
              Target ID:0
              Start time:10:49:19
              Start date:05/10/2024
              Path:C:\Users\user\Desktop\an_api.exe
              Wow64 process (32bit):true
              Commandline:"C:\Users\user\Desktop\an_api.exe"
              Imagebase:0x400000
              File size:3'604'856 bytes
              MD5 hash:D8B47BD38C34FC553EC5765B5297DB5D
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:low
              Has exited:true

              Target ID:2
              Start time:10:49:34
              Start date:05/10/2024
              Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
              Wow64 process (32bit):true
              Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe"
              Imagebase:0x320000
              File size:2'141'552 bytes
              MD5 hash:EB80BB1CA9B9C7F516FF69AFCFD75B7D
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:moderate
              Has exited:true

              Target ID:3
              Start time:10:49:34
              Start date:05/10/2024
              Path:C:\Windows\explorer.exe
              Wow64 process (32bit):false
              Commandline:"C:\Windows\explorer.exe"
              Imagebase:0x7ff62d7d0000
              File size:5'141'208 bytes
              MD5 hash:662F4F92FDE3557E86D110526BB578D5
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:high
              Has exited:true

              Target ID:4
              Start time:10:49:34
              Start date:05/10/2024
              Path:C:\Windows\explorer.exe
              Wow64 process (32bit):false
              Commandline:C:\Windows\explorer.exe /NoUACCheck
              Imagebase:0x7ff62d7d0000
              File size:5'141'208 bytes
              MD5 hash:662F4F92FDE3557E86D110526BB578D5
              Has elevated privileges:false
              Has administrator privileges:false
              Programmed in:C, C++ or other language
              Reputation:high
              Has exited:true

              Target ID:7
              Start time:10:49:36
              Start date:05/10/2024
              Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
              Wow64 process (32bit):true
              Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe" P61I1O 193.142.146.64 8000 O4U27X
              Imagebase:0xa00000
              File size:46'832 bytes
              MD5 hash:70D838A7DC5B359C3F938A71FAD77DB0
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:moderate
              Has exited:false

              Target ID:8
              Start time:10:49:36
              Start date:05/10/2024
              Path:C:\Windows\System32\conhost.exe
              Wow64 process (32bit):false
              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Imagebase:0x7ff6ee680000
              File size:862'208 bytes
              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:high
              Has exited:false

                Execution Graph

                Execution Coverage:0.6%
                Dynamic/Decrypted Code Coverage:53.4%
                Signature Coverage:33.1%
                Total number of Nodes:133
                Total number of Limit Nodes:12
                [Execution graph not reproduced. API calls labelled on its nodes: VirtualProtect, VirtualAlloc, VirtualAllocEx, VirtualFree, WriteProcessMemory, Wow64SetThreadContext, LoadLibraryW, ReadFile, NtQueryDefaultLocale.]
                APIs
                • WriteProcessMemory.KERNELBASE(?,?,?,00000004,?), ref: 00784F4B
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655916931.000000000075E000.00000040.00000001.01000000.00000003.sdmp, Offset: 0075E000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_75e000_an_api.jbxd
                Similarity
                • API ID: MemoryProcessWrite
                • String ID: A$D$E$L$L$L$L$P$P$P$S$W$W$a$a$a$a$b$b$b$c$c$c$d$d$e$e$e$e$g$i$i$i$i$o$o$o$o$o$p$r$r$r$r$r$r$s$s$s$s$t$t$t$u$v$x$y$y
                • API String ID: 3559483778-1767516126
                • Opcode ID: 212cce9c8623a1b776a63750937d0ff178700bda268de22295b4aac2d64a7175
                • Instruction ID: e57743384bf2be94cf143c3fe414f71f46bd031cc480286f5cfff7b5c4884dda
                • Opcode Fuzzy Hash: 212cce9c8623a1b776a63750937d0ff178700bda268de22295b4aac2d64a7175
                • Instruction Fuzzy Hash: BE42CFB1D086A98EEB24DB24CC487EABBB5AF51304F0440E9D44D67681D2BD5FC5CF62

                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID:
                • String ID: 58;;$A$E$F$F2<>$P$R$V$V$a$a$c$c$e$e$e$i$i$i$l$l$l$l$o$o$r$r$r$r$s$s$t$t$t$u$u$x
                • API String ID: 0-3242596576
                • Opcode ID: 22d4afd0425f057eb71b9609288411be4d7df077d64ee263f9918b7fc1dd899d
                • Instruction ID: ed1ce2c161c53e3fd8376926f28cc6b2327e2fe3134638cfb7d050ea562ca732
                • Opcode Fuzzy Hash: 22d4afd0425f057eb71b9609288411be4d7df077d64ee263f9918b7fc1dd899d
                • Instruction Fuzzy Hash: 7A42BEB1D042A88BFB25CB24CC547EABBB5EF95300F1481EAD44DA7282D6795FC18F52

                APIs
                • VirtualAllocEx.KERNELBASE(?,?,?,00003000,00000040), ref: 0077F9FA
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655916931.000000000075E000.00000040.00000001.01000000.00000003.sdmp, Offset: 0075E000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_75e000_an_api.jbxd
                Similarity
                • API ID: AllocVirtual
                • String ID: <8I@$E$L$L$L$L$P$W$W$a$a$a$a$b$b$c$d$d$e$i$i$i$j@h$o$o$o$r$r$r$r$r$s$s$t$x$y$y
                • API String ID: 4275171209-3097042741
                • Opcode ID: 0bcd373811692b9c53ba05288a44e3e24032068d770e0722ea261a86ddbc33bd
                • Instruction ID: 3dfa709f472e930b03fa9681e4fe60c152b1d0734059f38c2d8dc45fe5b65245
                • Opcode Fuzzy Hash: 0bcd373811692b9c53ba05288a44e3e24032068d770e0722ea261a86ddbc33bd
                • Instruction Fuzzy Hash: 1742E3B1E042A89AEB24CB24CC58BEABBB5EF55304F0480F9D54DA7281D67D5FC58F12

                APIs
                • LoadLibraryW.KERNELBASE(?), ref: 0073C893
                • LoadLibraryW.KERNELBASE(?), ref: 0073C8B0
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID: LibraryLoad
                • String ID: 58;;$E$L$L$L$L$P$W$W$a$a$a$a$b$b$c$d$d$e$i$i$i$o$o$o$r$r$r$r$r$s$s$t$x$y$y
                • API String ID: 1029625771-4009114861
                • Opcode ID: 1a43e311990051fb2355f972c6f017fb52e0ceac2311ba783246b59fad3e87df
                • Instruction ID: 4483da4b0211b37748290d9c30e41fe79eedeb64eab2e1529f0b212326655bd6
                • Opcode Fuzzy Hash: 1a43e311990051fb2355f972c6f017fb52e0ceac2311ba783246b59fad3e87df
                • Instruction Fuzzy Hash: 4E32B151D186A8CAFB218B24DC447EAB675EF61300F0490F9C18CAB291E67E5FC5CF66

                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655916931.000000000075E000.00000040.00000001.01000000.00000003.sdmp, Offset: 0075E000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_75e000_an_api.jbxd
                Similarity
                • API ID:
                • String ID: L$L$P$V$W$a$a$a$b$c$d$e$i$i$l$o$o$r$r$r$r$t$t$t$u$y
                • API String ID: 0-2457314740
                • Opcode ID: e7dcbd269d77a3b2a7558c782f689d32117e03524c26433dd1440a336c4a3442
                • Instruction ID: bfcea859e7a94283d89223d536081dbcf4893b2c1c753b5e552cd23918380708
                • Opcode Fuzzy Hash: e7dcbd269d77a3b2a7558c782f689d32117e03524c26433dd1440a336c4a3442
                • Instruction Fuzzy Hash: D3F1F5B1D042A98AFB248B24DC587EAB775EF51300F1481F9D54DA7281D6BE4FC58F22

                APIs
                • VirtualAllocEx.KERNELBASE(?,?,?,00003000,00000040), ref: 0077F9FA
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655916931.000000000075E000.00000040.00000001.01000000.00000003.sdmp, Offset: 0075E000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_75e000_an_api.jbxd
                Similarity
                • API ID: AllocVirtual
                • String ID: <8I@$E$L$L$P$W$a$a$b$c$d$e$i$i$j@h$o$o$r$r$r$s$s$t$x$y
                • API String ID: 4275171209-266970051
                • Opcode ID: 190273423703327b4d04cf023b15ae8de329cff38361cbdc07aaec45b8d95fb4
                • Instruction ID: b6832b04fa110ba3c9819a68e62167eea748330e9af84fd46f071e4cd7b7a3af
                • Opcode Fuzzy Hash: 190273423703327b4d04cf023b15ae8de329cff38361cbdc07aaec45b8d95fb4
                • Instruction Fuzzy Hash: 8CF104B1D082A88AEB208B24DC587EA7B75EF55300F1480FAD54D67281D6BD4FC5CF62

                APIs
                • VirtualAllocEx.KERNELBASE(?,?,?,00003000,00000040), ref: 0077F9FA
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655916931.000000000075E000.00000040.00000001.01000000.00000003.sdmp, Offset: 0075E000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_75e000_an_api.jbxd
                Similarity
                • API ID: AllocVirtual
                • String ID: E$L$L$P$W$a$a$b$c$d$e$i$i$j@h$o$o$r$r$r$s$s$t$x$y
                • API String ID: 4275171209-410011414
                • Opcode ID: afa986527c84f1645bc79b0d6fa37fff6f867f8d9a061dbac9b7a2de743f2dc8
                • Instruction ID: a119884afc635dbb444a80f051f7eeaabbcfbc0c5312f6b41c4b3b43c63fd802
                • Opcode Fuzzy Hash: afa986527c84f1645bc79b0d6fa37fff6f867f8d9a061dbac9b7a2de743f2dc8
                • Instruction Fuzzy Hash: C422CEB1E052688BEB24CB24CC58BEABBB5EB85304F1481FAD40D67281D6795FC5CF52
                APIs
                • WriteProcessMemory.KERNELBASE(?,?,?,00000004,?), ref: 00784F4B
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655916931.000000000075E000.00000040.00000001.01000000.00000003.sdmp, Offset: 0075E000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_75e000_an_api.jbxd
                Similarity
                • API ID: MemoryProcessWrite
                • String ID: E$L$L$P$W$_W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                • API String ID: 3559483778-1762996778
                • Opcode ID: 2eb74568783af71e0c5f44e95373f637b824b178062607dbc5bd6ee8ad160a42
                • Instruction ID: 6693b1801fdcca74b44b4842d096f5449417cf0fb89c3686ef42d799305e6dc6
                • Opcode Fuzzy Hash: 2eb74568783af71e0c5f44e95373f637b824b178062607dbc5bd6ee8ad160a42
                • Instruction Fuzzy Hash: DF22F171E081A98BEB24DB24CC98BEABBB5AF55304F1440FAC44D67282D6B95FC5CF11

                APIs
                • Wow64SetThreadContext.KERNEL32(?,?), ref: 00787795
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655916931.000000000075E000.00000040.00000001.01000000.00000003.sdmp, Offset: 0075E000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_75e000_an_api.jbxd
                Similarity
                • API ID: ContextThreadWow64
                • String ID: E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                • API String ID: 983334009-215400123
                • Opcode ID: d4af79fcc55e2d06a94efce8fc39b630b092735f345ba270443234d268e862b1
                • Instruction ID: 59b580bf49cd4f83bc44e40b90f8224a6104d234d457fb694d721c003fb31da7
                • Opcode Fuzzy Hash: d4af79fcc55e2d06a94efce8fc39b630b092735f345ba270443234d268e862b1
                • Instruction Fuzzy Hash: 7C12FEB1D041A89AEB248B24DC98BEABBB5EB80304F1441F9D94D67281D77D9FC1CF52

                APIs
                • Wow64SetThreadContext.KERNEL32(?,?), ref: 00787795
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655916931.000000000075E000.00000040.00000001.01000000.00000003.sdmp, Offset: 0075E000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_75e000_an_api.jbxd
                Similarity
                • API ID: ContextThreadWow64
                • String ID: E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                • API String ID: 983334009-215400123
                • Opcode ID: e1172734129b6dc0e1b99b42b0bd49df3696b6a03c0ef73e2da620bd3084eb4d
                • Instruction ID: b96ea5ddb8692e7fb64a2b59314a3c62fbc953b555b4b62939732a3511687307
                • Opcode Fuzzy Hash: e1172734129b6dc0e1b99b42b0bd49df3696b6a03c0ef73e2da620bd3084eb4d
                • Instruction Fuzzy Hash: 8AF1E0B1D082A89AEB248B24DC58BEABBB5EF90304F1440F9D54D66281D67D5EC5CF12

                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655916931.000000000075E000.00000040.00000001.01000000.00000003.sdmp, Offset: 0075E000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_75e000_an_api.jbxd
                Similarity
                • API ID:
                • String ID: E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                • API String ID: 0-215400123
                • Opcode ID: 57d5dce7b450a18ec50dd41d8ca64e5baf1b35d0a54b99e31d433e7f024414b5
                • Instruction ID: 7257b1ebe6ba37db89f8290bc2677012cdbf0fd316b3f820d026e20143d41b33
                • Opcode Fuzzy Hash: 57d5dce7b450a18ec50dd41d8ca64e5baf1b35d0a54b99e31d433e7f024414b5
                • Instruction Fuzzy Hash: E8F116B1D086A88AEB249B24CC587EABB75EF51304F1480F9D54D67282D67D4FC5CF22

                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655916931.000000000075E000.00000040.00000001.01000000.00000003.sdmp, Offset: 0075E000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_75e000_an_api.jbxd
                Similarity
                • API ID:
                • String ID: E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                • API String ID: 0-215400123
                • Opcode ID: d4a39bfe16b11c7f6b0feef259fa541ef98292d2378902ded36a5f9c5bfc0f2d
                • Instruction ID: 4e80c658da95f874ba6eaf48909303bef3eba885105b63241bacdf0b86363b3f
                • Opcode Fuzzy Hash: d4a39bfe16b11c7f6b0feef259fa541ef98292d2378902ded36a5f9c5bfc0f2d
                • Instruction Fuzzy Hash: 09D124B2D081A89AEB249B28DC58BEA7BB5EF51304F0440F9D54D67282D6BD4FC4CF52

                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655969725.0000000000790000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_790000_an_api.jbxd
                Similarity
                • API ID: AllocVirtual
                • String ID: L$L$L$L$R$W$W$a$a$a$a$b$b$d$d$i$i$o$o$r$r$r$r$y$y
                • API String ID: 4275171209-3125122428
                • Opcode ID: 3097514b869e3eff5e9ada57ae7500aa9f5b33fc991b9547c625da666e7054bb
                • Instruction ID: 5505c352f440650809d181dc37479d3b32929a34c444ff13c14f6ceb5d9fc9ea
                • Opcode Fuzzy Hash: 3097514b869e3eff5e9ada57ae7500aa9f5b33fc991b9547c625da666e7054bb
                • Instruction Fuzzy Hash: 6102F1A1D042A89BE7208B24DC487DABB75EF95300F0441FAD44CA7282D7BE5FC58F26

                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID:
                • String ID: 58;;$L$L$W$a$a$b$d$i$o$r$r$y
                • API String ID: 0-3996198472
                • Opcode ID: 842df7f15a63082bf1acedd84bf3ab58ce6f177d051e17ba2e403f3d717db766
                • Instruction ID: 053422dbe94e80324b0b4a0d88e4dfa4b5ca1b29323aeaeb57454d67709043c4
                • Opcode Fuzzy Hash: 842df7f15a63082bf1acedd84bf3ab58ce6f177d051e17ba2e403f3d717db766
                • Instruction Fuzzy Hash: 56F1A1A1D042688BFB218B24CC847EA7775EF95300F1481FAD54DA7242EA395FC5CB66
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID:
                • String ID: 58;;$L$L$W$a$a$b$d$i$o$r$r$y
                • API String ID: 0-3996198472
                • Opcode ID: d0654651439897cd51ee6b937fa434b8e9814b29b6c8a441179a4deced1e8a1f
                • Instruction ID: 4c4fd799cee3f173a4e0a824b66f88589c7c49f554aee6f9de50231d1c36dcaf
                • Opcode Fuzzy Hash: d0654651439897cd51ee6b937fa434b8e9814b29b6c8a441179a4deced1e8a1f
                • Instruction Fuzzy Hash: 3FE1A2A1D052688AFB218B24CC847EA77B5FF95300F1080EAD58DA7242EA395FC5CF56
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID:
                • String ID: 58;;$L$L$W$a$a$b$d$i$o$r$r$y
                • API String ID: 0-3996198472
                • Opcode ID: 56d8989a38e245f0d533e5b2010a686bd9ffcb2b0e139dc22d146a70d395a9f6
                • Instruction ID: 425575b44015cad0617775defd6329f144726f7a03262ce8c595655c5c8bff08
                • Opcode Fuzzy Hash: 56d8989a38e245f0d533e5b2010a686bd9ffcb2b0e139dc22d146a70d395a9f6
                • Instruction Fuzzy Hash: 8EE1A561D05268CAFB218B24CC447EA7775FF95300F1481EAD58DA7242EB395FC5CB62
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID:
                • String ID: 58;;$L$L$W$a$a$b$d$i$o$r$r$y
                • API String ID: 0-3996198472
                • Opcode ID: 77e41d47abbb3b28f9a248eb3f31f7bd1662ab9a9810ad188d565535c9a0d30e
                • Instruction ID: 4c6c480d51e9e168e51a16d1dbcb6e2341e542f218bd0dc4a6683fbe2d84bb6b
                • Opcode Fuzzy Hash: 77e41d47abbb3b28f9a248eb3f31f7bd1662ab9a9810ad188d565535c9a0d30e
                • Instruction Fuzzy Hash: 20E1A3A1D052688AFB218B24CC847EA7775FF95300F1480EAD58DA7242EB395FC5CF66
                APIs
                • LoadLibraryW.KERNELBASE(?), ref: 0073C893
                • LoadLibraryW.KERNELBASE(?), ref: 0073C8B0
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID: LibraryLoad
                • String ID: 58;;$L$L$W$a$a$b$d$i$o$r$r$y
                • API String ID: 1029625771-3996198472
                • Opcode ID: 322be1a34f4d81431aa03b1047b515092f4120325e75a70f322153ae512ad36f
                • Instruction ID: cc56b5b46be8da1257bb98a3f9a7d4e79ea67f0cee09e0595ee0db1e0ddf8c0a
                • Opcode Fuzzy Hash: 322be1a34f4d81431aa03b1047b515092f4120325e75a70f322153ae512ad36f
                • Instruction Fuzzy Hash: BAD1B561D052688BF7218B24CC847EA77B5FF91310F1580FAD58DA7242DA395FC5CB92
                APIs
                • LoadLibraryW.KERNELBASE(?), ref: 0073C893
                • LoadLibraryW.KERNELBASE(?), ref: 0073C8B0
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID: LibraryLoad
                • String ID: 58;;$L$L$W$a$a$b$d$i$o$r$r$y
                • API String ID: 1029625771-3996198472
                • Opcode ID: fb95ae2f67c642d2c630daf0b9350bb78da5051131dba3b8aa3d02c782c8acb9
                • Instruction ID: 9dcb040cf5a6b89e753583f2b2ca3c6907778319a202767d6e1eea99fb034137
                • Opcode Fuzzy Hash: fb95ae2f67c642d2c630daf0b9350bb78da5051131dba3b8aa3d02c782c8acb9
                • Instruction Fuzzy Hash: 19C19261D052688BFB218B24CC847EA77B5FF91310F1481EAD58DA7242DA3A5FC5CB92
                APIs
                • LoadLibraryW.KERNELBASE(?), ref: 0073C893
                • LoadLibraryW.KERNELBASE(?), ref: 0073C8B0
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID: LibraryLoad
                • String ID: 58;;$L$L$W$a$a$b$d$i$o$r$r$y
                • API String ID: 1029625771-3996198472
                • Opcode ID: b60ce4421ad9eb535f2829ac4cd7594511d94f45f84ee696c053257134959745
                • Instruction ID: 1663d05f68eda37a854f23a134d3974bc3f0619d482abc9c644ce9cc6f03f881
                • Opcode Fuzzy Hash: b60ce4421ad9eb535f2829ac4cd7594511d94f45f84ee696c053257134959745
                • Instruction Fuzzy Hash: 12C1BFA2D052688BF7218B24CC84BEAB7B5EF91310F1480EAD58DA7242D7395F85CF56
                APIs
                • LoadLibraryW.KERNELBASE(?), ref: 0073C893
                • LoadLibraryW.KERNELBASE(?), ref: 0073C8B0
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID: LibraryLoad
                • String ID: 58;;$L$L$W$a$a$b$d$i$o$r$r$y
                • API String ID: 1029625771-3996198472
                APIs
                • LoadLibraryW.KERNELBASE(?), ref: 0073C893
                • LoadLibraryW.KERNELBASE(?), ref: 0073C8B0
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID: LibraryLoad
                • String ID: 58;;$L$L$W$a$a$b$d$i$o$r$r$y
                • API String ID: 1029625771-3996198472
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655969725.0000000000790000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_790000_an_api.jbxd
                Similarity
                • API ID:
                • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                • API String ID: 0-4069139063
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655969725.0000000000790000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_790000_an_api.jbxd
                Similarity
                • API ID:
                • String ID: E$P$P$c$e$i$o$r$s$s$t$x
                • API String ID: 0-1626331376
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655916931.000000000075E000.00000040.00000001.01000000.00000003.sdmp, Offset: 0075E000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_75e000_an_api.jbxd
                Similarity
                • API ID:
                • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                • API String ID: 0-4069139063
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655916931.000000000075E000.00000040.00000001.01000000.00000003.sdmp, Offset: 0075E000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_75e000_an_api.jbxd
                Similarity
                • API ID:
                • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                • API String ID: 0-4069139063
                APIs
                • ReadFile.KERNELBASE(?,?,?,?,00000000), ref: 007AD8AB
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655969725.0000000000790000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_790000_an_api.jbxd
                Similarity
                • API ID: FileRead
                • String ID: E$P$P$c$e$i$o$r$s$s$t$x
                • API String ID: 2738559852-1626331376
                APIs
                • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000040,?,?,?,?,?,0073FAE5,?,?,?,?,?,0073FA55), ref: 00740629
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID: AllocVirtual
                • String ID: FE?^$L$L$W$a$a$b$d$i$o$r$r$y
                • API String ID: 4275171209-1587576117
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655969725.0000000000790000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_790000_an_api.jbxd
                Similarity
                • API ID: AllocVirtual
                • String ID: 843A$L$L$R$W$a$a$b$d$i$o$r$r$y
                • API String ID: 4275171209-3932493382
                APIs
                • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000040,?,?,?,?,?,0073FAE5,?,?,?,?,?,0073FA55), ref: 00740629
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID: AllocVirtual
                • String ID: 9B5A$L$L$W$a$a$b$d$i$o$r$r$y
                • API String ID: 4275171209-1063467930
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID:
                • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                • API String ID: 0-4069139063
                APIs
                • VirtualAlloc.KERNELBASE(00000000,3A3646D4,00003000,00000004), ref: 007AC4B4
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655969725.0000000000790000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_790000_an_api.jbxd
                Similarity
                • API ID: AllocVirtual
                • String ID: L$L$R$W$a$a$b$d$i$o$r$r$y
                • API String ID: 4275171209-2756691126
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID:
                • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                • API String ID: 0-4069139063
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID:
                • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                • API String ID: 0-4069139063
                APIs
                • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000040,?,?,?,?,?,0073FAE5,?,?,?,?,?,0073FA55), ref: 00740629
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID: AllocVirtual
                • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                • API String ID: 4275171209-4069139063
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID:
                • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                • API String ID: 0-4069139063
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID:
                • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                • API String ID: 0-4069139063
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID: AllocVirtual
                • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                • API String ID: 4275171209-4069139063
                APIs
                • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000040,?,?,?,?,?,0073FAE5,?,?,?,?,?,0073FA55), ref: 00740629
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID: AllocVirtual
                • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                • API String ID: 4275171209-4069139063
                APIs
                • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000040,?,?,?,?,?,0073FAE5,?,?,?,?,?,0073FA55), ref: 00740629
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID: AllocVirtual
                • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                • API String ID: 4275171209-4069139063
                APIs
                • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000040,?,?,?,?,?,0073FAE5,?,?,?,?,?,0073FA55), ref: 00740629
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID: AllocVirtual
                • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                • API String ID: 4275171209-4069139063
                APIs
                • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000040,?,?,?,?,?,0073FAE5,?,?,?,?,?,0073FA55), ref: 00740629
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID: AllocVirtual
                • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                • API String ID: 4275171209-4069139063
                APIs
                • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000040,?,?,?,?,?,0073FAE5,?,?,?,?,?,0073FA55), ref: 00740629
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID: AllocVirtual
                • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                • API String ID: 4275171209-4069139063
                APIs
                • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000040,?,?,?,?,?,0073FAE5,?,?,?,?,?,0073FA55), ref: 00740629
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID: AllocVirtual
                • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                • API String ID: 4275171209-4069139063
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID:
                • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                • API String ID: 0-4069139063
                APIs
                • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000040,?,?,?,?,?,0073FAE5,?,?,?,?,?,0073FA55), ref: 00740629
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID: AllocVirtual
                • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                • API String ID: 4275171209-4069139063
                APIs
                • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000040,?,?,?,?,?,0073FAE5,?,?,?,?,?,0073FA55), ref: 00740629
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID: AllocVirtual
                • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                • API String ID: 4275171209-4069139063
                APIs
                • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000040,?,?,?,?,?,0073FAE5,?,?,?,?,?,0073FA55), ref: 00740629
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID: AllocVirtual
                • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                • API String ID: 4275171209-4069139063
                APIs
                • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000040,?,?,?,?,?,0073FAE5,?,?,?,?,?,0073FA55), ref: 00740629
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID: AllocVirtual
                • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                • API String ID: 4275171209-4069139063
                APIs
                • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000040,?,?,?,?,?,0073FAE5,?,?,?,?,?,0073FA55), ref: 00740629
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID: AllocVirtual
                • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                • API String ID: 4275171209-4069139063
                APIs
                • VirtualAlloc.KERNELBASE(00000000,3A3646D4,00003000,00000004), ref: 007AC4B4
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655969725.0000000000790000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_790000_an_api.jbxd
                Similarity
                • API ID: AllocVirtual
                • String ID: L$L$R$W$a$a$b$d$i$o$r$r$y
                • API String ID: 4275171209-2756691126
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655969725.0000000000790000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_790000_an_api.jbxd
                Similarity
                • API ID: AllocVirtual
                • String ID: L$L$R$W$a$a$b$d$i$o$r$r$y
                • API String ID: 4275171209-2756691126
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID:
                • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                • API String ID: 0-4069139063
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID:
                • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                • API String ID: 0-4069139063
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID:
                • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                • API String ID: 0-4069139063
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID:
                • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                • API String ID: 0-4069139063
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID:
                • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                • API String ID: 0-4069139063
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID:
                • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                • API String ID: 0-4069139063
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID:
                • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                • API String ID: 0-4069139063
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID:
                • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                • API String ID: 0-4069139063
                APIs
                • VirtualProtect.KERNELBASE(?,?,00000040,?,?,?,?,?,?,?,00000001,?,?,00747648,00000000,00000000), ref: 00747C7D
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655703230.0000000000747000.00000040.00000001.01000000.00000003.sdmp, Offset: 00747000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_747000_an_api.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID: 8$9O2H$YQ$n$n$x
                • API String ID: 544645111-3304744247
                APIs
                • LoadLibraryW.KERNELBASE(?), ref: 0073C893
                • LoadLibraryW.KERNELBASE(?), ref: 0073C8B0
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID: LibraryLoad
                • String ID: 58;;$>I=8
                • API String ID: 1029625771-155885316
                APIs
                • VirtualProtect.KERNELBASE(?,?,00000040,?), ref: 007906CB
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655969725.0000000000790000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_790000_an_api.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID: 6P5J$:6G4$V
                • API String ID: 544645111-4136328420
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655969725.0000000000790000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_790000_an_api.jbxd
                Similarity
                • API ID:
                • String ID: 6P5J$:6G4$V
                • API String ID: 0-4136328420
                APIs
                • LoadLibraryW.KERNELBASE(?), ref: 0073C893
                • LoadLibraryW.KERNELBASE(?), ref: 0073C8B0
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID: LibraryLoad
                • String ID: 58;;
                • API String ID: 1029625771-1097885115
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID:
                • String ID: 58;;
                • API String ID: 0-1097885115
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID:
                • String ID: 58;;
                • API String ID: 0-1097885115
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID:
                • String ID: 58;;
                • API String ID: 0-1097885115
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID: LibraryLoad
                • String ID: 58;;
                • API String ID: 1029625771-1097885115
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID: LibraryLoad
                • String ID: 58;;
                • API String ID: 1029625771-1097885115
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID: LibraryLoad
                • String ID: 58;;
                • API String ID: 1029625771-1097885115
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655703230.0000000000747000.00000040.00000001.01000000.00000003.sdmp, Offset: 00747000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_747000_an_api.jbxd
                Similarity
                • API ID:
                • String ID: 9O2H
                • API String ID: 0-1121337113
                APIs
                • VirtualProtect.KERNELBASE(?,?,00000040,?,?,?,?,?,?,?,00000001,?,?,00747648,00000000,00000000), ref: 00747C7D
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655703230.0000000000747000.00000040.00000001.01000000.00000003.sdmp, Offset: 00747000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_747000_an_api.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID: 9O2H
                • API String ID: 544645111-1121337113
                APIs
                • NtQueryDefaultLocale.NTDLL(00000000,?), ref: 0043025C
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655119029.0000000000420000.00000020.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_420000_an_api.jbxd
                Similarity
                • API ID: DefaultLocaleQuery
                • String ID: ;AEG
                • API String ID: 2949231068-310388792
                APIs
                • VirtualProtect.KERNELBASE(?,?,00000040,?), ref: 00773CD9
                Memory Dump Source
                • Source File: 00000000.00000002.1655916931.000000000075E000.00000040.00000001.01000000.00000003.sdmp, Offset: 0075E000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_75e000_an_api.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID:
                • API String ID: 544645111-0
                APIs
                • NtQueryDefaultLocale.NTDLL(00000000,?), ref: 0043025C
                Memory Dump Source
                • Source File: 00000000.00000002.1655119029.0000000000420000.00000020.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_420000_an_api.jbxd
                Similarity
                • API ID: DefaultLocaleQuery
                • String ID:
                • API String ID: 2949231068-0
                Memory Dump Source
                • Source File: 00000000.00000002.1655969725.0000000000790000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_790000_an_api.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                Memory Dump Source
                • Source File: 00000000.00000002.1655969725.0000000000790000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_790000_an_api.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                APIs
                • VirtualProtect.KERNELBASE(?,?,00000040,?), ref: 004361CE
                Memory Dump Source
                • Source File: 00000000.00000002.1655119029.0000000000420000.00000020.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_420000_an_api.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID:
                • API String ID: 544645111-0
                APIs
                • VirtualProtect.KERNELBASE(?,?,00000040,?), ref: 007A6093
                Memory Dump Source
                • Source File: 00000000.00000002.1655969725.0000000000790000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_790000_an_api.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID:
                • API String ID: 544645111-0
                APIs
                • VirtualProtect.KERNELBASE(?,?,00000040,?), ref: 007A6093
                Memory Dump Source
                • Source File: 00000000.00000002.1655969725.0000000000790000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_790000_an_api.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID:
                • API String ID: 544645111-0
                APIs
                • VirtualProtect.KERNELBASE(?,?,00000040,?), ref: 007A6093
                Memory Dump Source
                • Source File: 00000000.00000002.1655969725.0000000000790000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_790000_an_api.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID:
                • API String ID: 544645111-0
                Memory Dump Source
                • Source File: 00000000.00000002.1655119029.0000000000420000.00000020.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_420000_an_api.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                APIs
                • VirtualProtect.KERNELBASE(?,?,00000040,?), ref: 007906CB
                Memory Dump Source
                • Source File: 00000000.00000002.1655969725.0000000000790000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_790000_an_api.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID:
                • API String ID: 544645111-0
                Memory Dump Source
                • Source File: 00000000.00000002.1655969725.0000000000790000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_790000_an_api.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID:
                • API String ID: 544645111-0
                Memory Dump Source
                • Source File: 00000000.00000002.1655969725.0000000000790000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_790000_an_api.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID:
                • API String ID: 544645111-0
                APIs
                • VirtualProtect.KERNELBASE(?,?,00000040,?,00000000), ref: 0075056A
                Memory Dump Source
                • Source File: 00000000.00000002.1655851065.0000000000750000.00000040.00000001.01000000.00000003.sdmp, Offset: 00750000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_750000_an_api.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID:
                • API String ID: 544645111-0
                Memory Dump Source
                • Source File: 00000000.00000002.1655969725.0000000000790000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_790000_an_api.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID:
                • API String ID: 544645111-0
                APIs
                • NtQueryDefaultLocale.NTDLL(00000000,?), ref: 0043025C
                Memory Dump Source
                • Source File: 00000000.00000002.1655119029.0000000000420000.00000020.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_420000_an_api.jbxd
                Similarity
                • API ID: DefaultLocaleQuery
                • String ID:
                • API String ID: 2949231068-0
                • Opcode ID: fc2c7cf506ee0b7218e6718aa60b809288b12ec73738e03229235574524ce91d
                • Instruction ID: a73b48649596a081ff00b43c8662d84fff5c9f01465cc5fb8c965ebb436d6dc1
                • Opcode Fuzzy Hash: fc2c7cf506ee0b7218e6718aa60b809288b12ec73738e03229235574524ce91d
                • Instruction Fuzzy Hash: 3E4139B2E042645FF3208625ED94AD77F78EF81310F5581FBD80D56641E33D5ACACA62
                APIs
                • VirtualProtect.KERNELBASE(?,?,00000040,?,00000000), ref: 0075056A
                Memory Dump Source
                • Source File: 00000000.00000002.1655851065.0000000000750000.00000040.00000001.01000000.00000003.sdmp, Offset: 00750000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_750000_an_api.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID:
                • API String ID: 544645111-0
                • Opcode ID: 0d38eb02bf5988aadbaa3aff9ad3af785d0c4f9826c025fc20400dc4bfc70604
                • Instruction ID: 21f0e5c78ed097ec5022694784ac529f56c1a63904319ba8dc2fba17b2c4a10b
                • Opcode Fuzzy Hash: 0d38eb02bf5988aadbaa3aff9ad3af785d0c4f9826c025fc20400dc4bfc70604
                • Instruction Fuzzy Hash: EB4115B1D042689FE7208B64DC94BFBB7B9EB84301F1040FAE84996281EA7C1EC5CF51
                APIs
                • VirtualProtect.KERNELBASE(?,?,00000040,?,00000000), ref: 0075056A
                Memory Dump Source
                • Source File: 00000000.00000002.1655851065.0000000000750000.00000040.00000001.01000000.00000003.sdmp, Offset: 00750000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_750000_an_api.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID:
                • API String ID: 544645111-0
                • Opcode ID: 83acba34f04cc2e89f03197099f351d246db45fdf87ac217c6749198d40e5b94
                • Instruction ID: cd41aad4cf639320e1cbba948c71665a1015a1d2b7dcb40bb968993dcdd043fe
                • Opcode Fuzzy Hash: 83acba34f04cc2e89f03197099f351d246db45fdf87ac217c6749198d40e5b94
                • Instruction Fuzzy Hash: 4341F6B1D042589FE7208B64DC94BEBBB75EB85311F1041EAD90957281DB781EC5CF51
                APIs
                • NtQueryDefaultLocale.NTDLL(00000000,?), ref: 0043025C
                Memory Dump Source
                • Source File: 00000000.00000002.1655119029.0000000000420000.00000020.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_420000_an_api.jbxd
                Similarity
                • API ID: DefaultLocaleQuery
                • String ID:
                • API String ID: 2949231068-0
                • Opcode ID: a51b0ff87929bae328d2f8dfdbd0b84845f71c2d5384a653341606a2255ee195
                • Instruction ID: bbe5f3d4508f6bb491e922783528a55be6d3a3b751996fe41539b1e95ef27311
                • Opcode Fuzzy Hash: a51b0ff87929bae328d2f8dfdbd0b84845f71c2d5384a653341606a2255ee195
                • Instruction Fuzzy Hash: FB316872D041748BE7208A15EC54BEB7BB4AF41324F9481FBC80D62141D77D5ACACF92
                APIs
                • NtQueryDefaultLocale.NTDLL(00000000,?), ref: 0043025C
                Memory Dump Source
                • Source File: 00000000.00000002.1655119029.0000000000420000.00000020.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_420000_an_api.jbxd
                Similarity
                • API ID: DefaultLocaleQuery
                • String ID:
                • API String ID: 2949231068-0
                • Opcode ID: 77eeeeca6e4505cd6c0c4391d730fecbee5df49174bae7b5a293fae14be33c88
                • Instruction ID: a47955e0fcfd996dd0e357a395fa4fdfc108ce78eaeab6f8da54b42659e62769
                • Opcode Fuzzy Hash: 77eeeeca6e4505cd6c0c4391d730fecbee5df49174bae7b5a293fae14be33c88
                • Instruction Fuzzy Hash: 3F21B0B19046688EEB288A50DCA57FF77B5BB48310F1492EAC51A62641D7395FC1CF05
                Memory Dump Source
                • Source File: 00000000.00000002.1655119029.0000000000420000.00000020.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_420000_an_api.jbxd
                Similarity
                • API ID: DefaultLocaleQuery
                • String ID:
                • API String ID: 2949231068-0
                • Opcode ID: 8b6194b5d2dc29d37a14f1a9645cca6bcbe631424eeaac79b12cf9236199033b
                • Instruction ID: 69483c8c6523136a5aeb5f6ba826a63d120030070d2f74067f832d172a7b1f8f
                • Opcode Fuzzy Hash: 8b6194b5d2dc29d37a14f1a9645cca6bcbe631424eeaac79b12cf9236199033b
                • Instruction Fuzzy Hash: E501B170D082688FDB25CB10DCA07DF77B4AF49304F0041DAC51922641D7396E82CF46
                APIs
                • VirtualFree.KERNELBASE(?,00000000,00008000), ref: 007419B4
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID: FreeVirtual
                • String ID:
                • API String ID: 1263568516-0
                • Opcode ID: 94dfbe9b256fa97ba2459b2ee9c3c4fd51ff0f7198f95132a686f4466021b58e
                • Instruction ID: d4b6c5abf897764c0482ab14e57cbdd635c4a26fa385276dc1e8b97dc2ff293f
                • Opcode Fuzzy Hash: 94dfbe9b256fa97ba2459b2ee9c3c4fd51ff0f7198f95132a686f4466021b58e
                • Instruction Fuzzy Hash: F77117B2E04264DFEB649A61DC84BFB7778EB41310F1081BAEA4D66180D77C9DC1CEA1

                APIs
                • Wow64SetThreadContext.KERNEL32(?,?), ref: 00787795
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655916931.000000000075E000.00000040.00000001.01000000.00000003.sdmp, Offset: 0075E000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_75e000_an_api.jbxd
                Similarity
                • API ID: ContextThreadWow64
                • String ID: E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                • API String ID: 983334009-215400123
                • Opcode ID: ca5e0b8f7e157f099901af6257e78c32a8a9a12234d9cc70c4ef8c38be5d2f87
                • Instruction ID: c6b7e0b16ea7cb59a4b1f8fb6ba0f741cd212477f2d7079355c92b9957e756e8
                • Opcode Fuzzy Hash: ca5e0b8f7e157f099901af6257e78c32a8a9a12234d9cc70c4ef8c38be5d2f87
                • Instruction Fuzzy Hash: 91F1AF71D086A88BEB28CB28CC98BEABBB5AF44314F1440E9C54D67252D7799FC1CF51
                APIs
                • WriteProcessMemory.KERNELBASE(?,?,?,00000004,?), ref: 00784F4B
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655916931.000000000075E000.00000040.00000001.01000000.00000003.sdmp, Offset: 0075E000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_75e000_an_api.jbxd
                Similarity
                • API ID: MemoryProcessWrite
                • String ID: E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                • API String ID: 3559483778-215400123
                • Opcode ID: 126753f64f13b8183b2f92366cd8efd58da03e11ea34f0e2f22f8956ad762388
                • Instruction ID: ca27f6fcbb70321fec2cf439c35bb904fc22061690871138ab9f6310448d00b8
                • Opcode Fuzzy Hash: 126753f64f13b8183b2f92366cd8efd58da03e11ea34f0e2f22f8956ad762388
                • Instruction Fuzzy Hash: 5EB1E3B1D096A88AFB248A24DC987EA7B75AF51304F0440F9C54D67282D6BD4FC5CF62

                APIs
                • Wow64SetThreadContext.KERNEL32(?,?), ref: 00787795
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655916931.000000000075E000.00000040.00000001.01000000.00000003.sdmp, Offset: 0075E000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_75e000_an_api.jbxd
                Similarity
                • API ID: ContextThreadWow64
                • String ID: E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                • API String ID: 983334009-215400123
                • Opcode ID: 9f754cca3fa4fecd03466178994652d2d1e957b76111d15332c3c8577acd41e2
                • Instruction ID: 47dec3a3a6574aeecb98cf08dd1314104b3605a5dbaec0a88b507baeed1c9073
                • Opcode Fuzzy Hash: 9f754cca3fa4fecd03466178994652d2d1e957b76111d15332c3c8577acd41e2
                • Instruction Fuzzy Hash: E7B10571D086A88AEB248B28DC48BEABB75AF51314F1440F9D54D67282D7BE4FC5CF12

                APIs
                • VirtualProtect.KERNELBASE(?,?,00000040,?), ref: 004361CE
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655119029.0000000000420000.00000020.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_420000_an_api.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID: 2$2$E$P$c$e$e$e$i$o$p$r$s$s$t$x$r
                • API String ID: 544645111-3542425195
                • Opcode ID: d48b1c4c2420593176b7fe14f744cf7842dccbc861e74eaed4eeeee5f28972e7
                • Instruction ID: 8c09bbc06d67063911a941368d3e86a3ea25b69c4aba8842cf887f8d291f28e9
                • Opcode Fuzzy Hash: d48b1c4c2420593176b7fe14f744cf7842dccbc861e74eaed4eeeee5f28972e7
                • Instruction Fuzzy Hash: 1EC1D0B1D045698FEB24CB18CC84BEABBB5AF85304F0481EAD44D67342D6399EC5CF96
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655969725.0000000000790000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_790000_an_api.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                • API String ID: 544645111-4069139063
                • Opcode ID: fb2ba0efecea7db14b6dd6849b04040b9c6e8b4452ccbf34d24f7eec3b932639
                • Instruction ID: 082fd786da55e59bb153809c56df76d3838a748f21d23d6a37e8b75aab8c19c9
                • Opcode Fuzzy Hash: fb2ba0efecea7db14b6dd6849b04040b9c6e8b4452ccbf34d24f7eec3b932639
                • Instruction Fuzzy Hash: CC8123A1D08698DAF7248A60DC48BEE7775EF91300F1481FAD50D9B281E67E1EC58F22
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655969725.0000000000790000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_790000_an_api.jbxd
                Similarity
                • API ID:
                • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                • API String ID: 0-4069139063
                • Opcode ID: e301f1136dc23ec5ce86bf0f8d293c34fe5df37ee4a0c7d11b99a051b81f3c27
                • Instruction ID: a341748f1072460607fa389d0fbd38a221604d2dac8176ca28acbbb127d98821
                • Opcode Fuzzy Hash: e301f1136dc23ec5ce86bf0f8d293c34fe5df37ee4a0c7d11b99a051b81f3c27
                • Instruction Fuzzy Hash: 3A71F2A1D08598DAF7208A64DC48BEAB775EF91300F1441FAD40D9B681E37E5EC58F62
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655969725.0000000000790000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_790000_an_api.jbxd
                Similarity
                • API ID:
                • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                • API String ID: 0-4069139063
                • Opcode ID: ba0045aee4632bf9f8288e9925f62b17b9cf83d8b6bbbd32d169f0babc749d3f
                • Instruction ID: 165551ebf0232232370e60078183ab8368fe265fc85f9238b2e0b02b810decc8
                • Opcode Fuzzy Hash: ba0045aee4632bf9f8288e9925f62b17b9cf83d8b6bbbd32d169f0babc749d3f
                • Instruction Fuzzy Hash: 0A7102A1D08598DAF7208A64DC08BEEBB75EF91300F1481FAD40D9B681E77D5EC58F62
                APIs
                • VirtualProtect.KERNELBASE(?,?,00000040,?), ref: 00773CD9
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655916931.000000000075E000.00000040.00000001.01000000.00000003.sdmp, Offset: 0075E000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_75e000_an_api.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                • API String ID: 544645111-4069139063
                • Opcode ID: 3e7ea7915b77e74ec114da7d28928eeb795c2bb2c5ef6738da8ef8d118d50073
                • Instruction ID: d500fc50ea667b36d773fb2e74b0b8421acb3aa50fb96ddf4c01ed7c5d1a52ca
                • Opcode Fuzzy Hash: 3e7ea7915b77e74ec114da7d28928eeb795c2bb2c5ef6738da8ef8d118d50073
                • Instruction Fuzzy Hash: D36136A2D08298DEFB258710DC59BF6BB74EF50314F1480FAD90D5A281D2BD1FC59B22
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655969725.0000000000790000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_790000_an_api.jbxd
                Similarity
                • API ID:
                • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                • API String ID: 0-4069139063
                • Opcode ID: e5a4b85ea5a6be067f73c1e94c9d68c04e61ea7dd56f0f0532603cbb6aea7878
                • Instruction ID: c9fc0d68f32e1ee6581885e2dae5b5c8753e86c8bc5287c9e8953941d04b01f7
                • Opcode Fuzzy Hash: e5a4b85ea5a6be067f73c1e94c9d68c04e61ea7dd56f0f0532603cbb6aea7878
                • Instruction Fuzzy Hash: BD61E3A1D08598DAF7208A64DC48BEE7776EF91300F1441FAD00D9B681E77E5EC58B62
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655969725.0000000000790000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_790000_an_api.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                • API String ID: 544645111-4069139063
                • Opcode ID: 642a1af1fcf2b58c0a8525e3b11f31f7ef6ffe949ec2bffe79e0e69e5e4e4d29
                • Instruction ID: 6a8b90d9fbb2e8fd9ae59fbe98e3c332322341df174983c851370ed06bb2e3d5
                • Opcode Fuzzy Hash: 642a1af1fcf2b58c0a8525e3b11f31f7ef6ffe949ec2bffe79e0e69e5e4e4d29
                • Instruction Fuzzy Hash: 7C51F491D08598DAF720CA64DC48BEE7776EF91300F1481FAD00D9B681E67E5EC58F62
                APIs
                • ReadFile.KERNELBASE(?,?,?,?,00000000), ref: 007AD8AB
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655969725.0000000000790000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_790000_an_api.jbxd
                Similarity
                • API ID: FileRead
                • String ID: E$P$P$c$e$i$o$r$s$s$t$x
                • API String ID: 2738559852-1626331376
                • Opcode ID: 3e72bb9798662fa481e6530410fad883156ba7cca27b4b9449738612a224e42f
                • Instruction ID: 1cf37f143d3c699016037e77d9daef8429a60ea7085cc8bc658c8c0ffba05bc3
                • Opcode Fuzzy Hash: 3e72bb9798662fa481e6530410fad883156ba7cca27b4b9449738612a224e42f
                • Instruction Fuzzy Hash: 403191A1C18294DAFB28CB24DC58FEABBB4AB55340F1442FDD44D56381CABD1FC48B61
                APIs
                • ReadFile.KERNELBASE(?,?,?,?,00000000), ref: 007AD8AB
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655969725.0000000000790000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_790000_an_api.jbxd
                Similarity
                • API ID: FileRead
                • String ID: E$P$P$c$e$i$o$r$s$s$t$x
                • API String ID: 2738559852-1626331376
                • Opcode ID: 8cd0d9e3ed0116a9a13a4f2452192258fc80ca4e159d23464f1896fa4a06989b
                • Instruction ID: 9260e8fb1d35a113b4a9daa13f69cea1a3528ce0acef0a658faba072b0231db2
                • Opcode Fuzzy Hash: 8cd0d9e3ed0116a9a13a4f2452192258fc80ca4e159d23464f1896fa4a06989b
                • Instruction Fuzzy Hash: 943191A1C18294DAFB28CB28DC58FEABBB4AB51340F1442FDD44D56381CA7D1FC48B61
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655969725.0000000000790000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_790000_an_api.jbxd
                Similarity
                • API ID: AllocVirtual
                • String ID: L$L$R$W$a$a$b$d$i$o$r$r$y
                • API String ID: 4275171209-2756691126
                • Opcode ID: ad22f7a5fc6880c8a938bf4d1b4f05adfce84bbf4b2aee45719cc094c677c9eb
                • Instruction ID: ff3e9c616d10fc43799fd3d64133e9a53e5d06b43f1d64c3e93d39e0bc935d44
                • Opcode Fuzzy Hash: ad22f7a5fc6880c8a938bf4d1b4f05adfce84bbf4b2aee45719cc094c677c9eb
                • Instruction Fuzzy Hash: 10711560D086E8DBEB318B64CC487DA7B71EF52300F1401EAD54DA7292D6BD5AC5CF62
                APIs
                • VirtualAlloc.KERNELBASE(00000000,3A3646D4,00003000,00000004), ref: 007AC4B4
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655969725.0000000000790000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_790000_an_api.jbxd
                Similarity
                • API ID: AllocVirtual
                • String ID: L$L$R$W$a$a$b$d$i$o$r$r$y
                • API String ID: 4275171209-2756691126
                • Opcode ID: 7a0e986797fe8be70a53c8d75e9f2133af24dff39dfd4117e879840c3747c346
                • Instruction ID: 079b173dcf2649a4d90b12f3862f9874f9d7ae721be5e74754951c154bfdefc5
                • Opcode Fuzzy Hash: 7a0e986797fe8be70a53c8d75e9f2133af24dff39dfd4117e879840c3747c346
                • Instruction Fuzzy Hash: B5710260C086E8DBEB318B64CC487DA7B70EF56300F1401EAD54DA7292D6BE4AC1CF22
                APIs
                • VirtualAlloc.KERNELBASE(00000000,3A3646D4,00003000,00000004), ref: 007AC4B4
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655969725.0000000000790000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_790000_an_api.jbxd
                Similarity
                • API ID: AllocVirtual
                • String ID: L$L$R$W$a$a$b$d$i$o$r$r$y
                • API String ID: 4275171209-2756691126
                • Opcode ID: 0d658a1d663a213cc5b873d5e5c3ef55b12fb0cb0b72e8c99989827ef75ab136
                • Instruction ID: bcb3ea38a79552ef052a3d67517354089d699fc6a97788664583f9249a2fdd89
                • Opcode Fuzzy Hash: 0d658a1d663a213cc5b873d5e5c3ef55b12fb0cb0b72e8c99989827ef75ab136
                • Instruction Fuzzy Hash: 5E710260D086E8DBEB318B64CC487DABB70EF51300F0401EAD54DA7292D6BE4AC1CB22
                APIs
                • LoadLibraryW.KERNELBASE(?), ref: 0073C893
                • LoadLibraryW.KERNELBASE(?), ref: 0073C8B0
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID: LibraryLoad
                • String ID: 58;;
                • API String ID: 1029625771-1097885115
                • Opcode ID: b8ed670910e48b1cd923b9b23e3c17c838ec54ab52195adc5b0e51f69df6c554
                • Instruction ID: a76c52df711db2a865e37f4b3f8f0093df3e873337bd76e26b633f115282f5e7
                • Opcode Fuzzy Hash: b8ed670910e48b1cd923b9b23e3c17c838ec54ab52195adc5b0e51f69df6c554
                • Instruction Fuzzy Hash: 4371D3A2D052688BF7218B24CC44BEB7775FF91310F1481FAD48DA7242EB395E85CB92
                APIs
                • LoadLibraryW.KERNELBASE(?), ref: 0073C893
                • LoadLibraryW.KERNELBASE(?), ref: 0073C8B0
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID: LibraryLoad
                • String ID: 58;;
                • API String ID: 1029625771-1097885115
                • Opcode ID: 9ff62d0ceb1d617914253a463338e46208648b397788c278fede4c932cf5d433
                • Instruction ID: 1e64a44be552b36ed41f3ec75d125e28b6be97b316ad4ce4b86440ac0bf30794
                • Opcode Fuzzy Hash: 9ff62d0ceb1d617914253a463338e46208648b397788c278fede4c932cf5d433
                • Instruction Fuzzy Hash: A7719271D152688BFB218B24CC547EAB7B5FF95300F1181EAD44DA7242EA395F81CF51
                APIs
                • LoadLibraryW.KERNELBASE(?), ref: 0073C893
                • LoadLibraryW.KERNELBASE(?), ref: 0073C8B0
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID: LibraryLoad
                • String ID: 58;;
                • API String ID: 1029625771-1097885115
                • Opcode ID: 44591e135d2e938b324670346e4ef4558aed97279433adc8dbe786ffff309c62
                • Instruction ID: 4025cec91ea179ba21b2ac314a54794924b606da44dcab435ebd27a19675a9e6
                • Opcode Fuzzy Hash: 44591e135d2e938b324670346e4ef4558aed97279433adc8dbe786ffff309c62
                • Instruction Fuzzy Hash: 9E719271D052688BFB218B24CC547EA7775FF95310F1481EAD44DA7282EA395F81CF52
                APIs
                • LoadLibraryW.KERNELBASE(?), ref: 0073C893
                • LoadLibraryW.KERNELBASE(?), ref: 0073C8B0
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID: LibraryLoad
                • String ID: 58;;
                • API String ID: 1029625771-1097885115
                • Opcode ID: 3707b5ba113dae2f78811f2a89ec793918a6d13b09fca59d224acd02e083523f
                • Instruction ID: bcc0cb7d4e6999da8a298200e000ac4e97c97e38966b1b2e94fec69a6fa3d66e
                • Opcode Fuzzy Hash: 3707b5ba113dae2f78811f2a89ec793918a6d13b09fca59d224acd02e083523f
                • Instruction Fuzzy Hash: 537192B1D152688BFB218B24CC54BEA7775FF95300F1081EAD44DA7282EA395F81CF52
                APIs
                • LoadLibraryW.KERNELBASE(?), ref: 0073C893
                • LoadLibraryW.KERNELBASE(?), ref: 0073C8B0
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID: LibraryLoad
                • String ID: 58;;
                • API String ID: 1029625771-1097885115
                • Opcode ID: cb2aafa1792e6a6b0d3747024c696feec48425b0c1bc133ff381c413b26ff3df
                • Instruction ID: abb385915fd5777371ddc56796e903f2a41caf1bf43e88b40e4261404ef65c9e
                • Opcode Fuzzy Hash: cb2aafa1792e6a6b0d3747024c696feec48425b0c1bc133ff381c413b26ff3df
                • Instruction Fuzzy Hash: 097192B1D152688BFB258B24CC547EA7775FF95300F1081EAD44DA7242EA395F81CF51
                APIs
                • LoadLibraryW.KERNELBASE(?), ref: 0073C893
                • LoadLibraryW.KERNELBASE(?), ref: 0073C8B0
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID: LibraryLoad
                • String ID: 58;;
                • API String ID: 1029625771-1097885115
                • Opcode ID: c6d90fafbbec18ad18b76b9a988f244fb8c406e6d656d5cd253e83cd57e05951
                • Instruction ID: 790f60ad2a242277efc6af9a9756530e8839c6257f60d6767942eedc99b0d525
                • Opcode Fuzzy Hash: c6d90fafbbec18ad18b76b9a988f244fb8c406e6d656d5cd253e83cd57e05951
                • Instruction Fuzzy Hash: 92517E71D052688BEB258B24CC547EAB7B5FF95310F1081EAD48DA7242EB399F81CF52
                APIs
                • LoadLibraryW.KERNELBASE(?), ref: 0073C893
                • LoadLibraryW.KERNELBASE(?), ref: 0073C8B0
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID: LibraryLoad
                • String ID: 58;;
                • API String ID: 1029625771-1097885115
                APIs
                • LoadLibraryW.KERNELBASE(?), ref: 0073C893
                • LoadLibraryW.KERNELBASE(?), ref: 0073C8B0
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID: LibraryLoad
                • String ID: 58;;
                • API String ID: 1029625771-1097885115
                APIs
                • LoadLibraryW.KERNELBASE(?), ref: 0073C893
                • LoadLibraryW.KERNELBASE(?), ref: 0073C8B0
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID: LibraryLoad
                • String ID: 58;;
                • API String ID: 1029625771-1097885115
                APIs
                • LoadLibraryW.KERNELBASE(?), ref: 0073C893
                • LoadLibraryW.KERNELBASE(?), ref: 0073C8B0
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID: LibraryLoad
                • String ID: 58;;
                • API String ID: 1029625771-1097885115
                APIs
                • LoadLibraryW.KERNELBASE(?), ref: 0073C893
                • LoadLibraryW.KERNELBASE(?), ref: 0073C8B0
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID: LibraryLoad
                • String ID: 58;;
                • API String ID: 1029625771-1097885115
                APIs
                • LoadLibraryW.KERNELBASE(?), ref: 0073C893
                • LoadLibraryW.KERNELBASE(?), ref: 0073C8B0
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID: LibraryLoad
                • String ID: 58;;
                • API String ID: 1029625771-1097885115
                APIs
                • VirtualFree.KERNELBASE(?,00000000,00008000), ref: 007419B4
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID: FreeVirtual
                • String ID: $F98?
                • API String ID: 1263568516-1440876813
                APIs
                • VirtualProtect.KERNELBASE(?,?,00000040,?,?,?,?,?,?,?,00000001,?,?,00747648,00000000,00000000), ref: 00747C7D
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655703230.0000000000747000.00000040.00000001.01000000.00000003.sdmp, Offset: 00747000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_747000_an_api.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID: 9O2H
                • API String ID: 544645111-1121337113
                APIs
                • ExitProcess.KERNEL32(00000000), ref: 00437BB7
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655119029.0000000000420000.00000020.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_420000_an_api.jbxd
                Similarity
                • API ID: ExitProcess
                • String ID:
                • API String ID: 621844428-399585960
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655703230.0000000000747000.00000040.00000001.01000000.00000003.sdmp, Offset: 00747000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_747000_an_api.jbxd
                Similarity
                • API ID:
                • String ID: 9O2H
                • API String ID: 0-1121337113
                APIs
                • VirtualProtect.KERNELBASE(?,?,00000040,?,?,?,?,?,?,?,00000001,?,?,00747648,00000000,00000000), ref: 00747C7D
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655703230.0000000000747000.00000040.00000001.01000000.00000003.sdmp, Offset: 00747000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_747000_an_api.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID: 9O2H
                • API String ID: 544645111-1121337113
                APIs
                • VirtualProtect.KERNELBASE(?,?,00000040,?,?,?,?,?,?,?,00000001,?,?,00747648,00000000,00000000), ref: 00747C7D
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655703230.0000000000747000.00000040.00000001.01000000.00000003.sdmp, Offset: 00747000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_747000_an_api.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID: 9O2H
                • API String ID: 544645111-1121337113
                APIs
                • VirtualProtect.KERNELBASE(?,?,00000040,?,?,?,?,?,?,?,00000001,?,?,00747648,00000000,00000000), ref: 00747C7D
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655703230.0000000000747000.00000040.00000001.01000000.00000003.sdmp, Offset: 00747000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_747000_an_api.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID: 9O2H
                • API String ID: 544645111-1121337113
                APIs
                • VirtualProtect.KERNELBASE(?,?,00000040,?,?,?,?,?,?,?,00000001,?,?,00747648,00000000,00000000), ref: 00747C7D
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655703230.0000000000747000.00000040.00000001.01000000.00000003.sdmp, Offset: 00747000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_747000_an_api.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID: 9O2H
                • API String ID: 544645111-1121337113
                APIs
                • VirtualProtect.KERNELBASE(?,?,00000040,?,?,?,?,?,?,?,00000001,?,?,00747648,00000000,00000000), ref: 00747C7D
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655703230.0000000000747000.00000040.00000001.01000000.00000003.sdmp, Offset: 00747000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_747000_an_api.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID: 9O2H
                • API String ID: 544645111-1121337113
                APIs
                • VirtualProtect.KERNELBASE(?,?,00000040,?,?,?,?,?,?,?,00000001,?,?,00747648,00000000,00000000), ref: 00747C7D
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655703230.0000000000747000.00000040.00000001.01000000.00000003.sdmp, Offset: 00747000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_747000_an_api.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID: 9O2H
                • API String ID: 544645111-1121337113
                APIs
                • VirtualProtect.KERNELBASE(?,?,00000040,?,?,?,?,?,?,?,00000001,?,?,00747648,00000000,00000000), ref: 00747C7D
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655703230.0000000000747000.00000040.00000001.01000000.00000003.sdmp, Offset: 00747000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_747000_an_api.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID: 9O2H
                • API String ID: 544645111-1121337113
                APIs
                • VirtualProtect.KERNELBASE(?,?,00000040,?,?,?,?,?,?,?,00000001,?,?,00747648,00000000,00000000), ref: 00747C7D
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655703230.0000000000747000.00000040.00000001.01000000.00000003.sdmp, Offset: 00747000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_747000_an_api.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID: 9O2H
                • API String ID: 544645111-1121337113
                APIs
                • VirtualProtect.KERNELBASE(?,?,00000040,?,?,?,?,?,?,?,00000001,?,?,00747648,00000000,00000000), ref: 00747C7D
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655703230.0000000000747000.00000040.00000001.01000000.00000003.sdmp, Offset: 00747000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_747000_an_api.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID: 9O2H
                • API String ID: 544645111-1121337113
                APIs
                • VirtualProtect.KERNELBASE(?,?,00000040,?,?,?,?,?,?,?,00000001,?,?,00747648,00000000,00000000), ref: 00747C7D
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655703230.0000000000747000.00000040.00000001.01000000.00000003.sdmp, Offset: 00747000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_747000_an_api.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID: 9O2H
                • API String ID: 544645111-1121337113
                APIs
                • VirtualProtect.KERNELBASE(?,?,00000040,?,?,?,?,?,?,?,00000001,?,?,00747648,00000000,00000000), ref: 00747C7D
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655703230.0000000000747000.00000040.00000001.01000000.00000003.sdmp, Offset: 00747000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_747000_an_api.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID: 9O2H
                • API String ID: 544645111-1121337113
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655703230.0000000000747000.00000040.00000001.01000000.00000003.sdmp, Offset: 00747000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_747000_an_api.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID: 9O2H
                • API String ID: 544645111-1121337113
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655916931.000000000075E000.00000040.00000001.01000000.00000003.sdmp, Offset: 0075E000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_75e000_an_api.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID: JO:O
                • API String ID: 544645111-1843474368
                APIs
                • VirtualProtect.KERNELBASE(?,?,00000040,?,?,?,?,?,?,?,00000001,?,?,00747648,00000000,00000000), ref: 00747C7D
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655703230.0000000000747000.00000040.00000001.01000000.00000003.sdmp, Offset: 00747000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_747000_an_api.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID: 9O2H
                • API String ID: 544645111-1121337113
                APIs
                • VirtualProtect.KERNELBASE(?,?,00000040,?,?,?,?,?,?,?,00000001,?,?,00747648,00000000,00000000), ref: 00747C7D
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655703230.0000000000747000.00000040.00000001.01000000.00000003.sdmp, Offset: 00747000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_747000_an_api.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID: 9O2H
                • API String ID: 544645111-1121337113
                APIs
                • VirtualProtect.KERNELBASE(?,?,00000040,?,?,?,?,?,?,?,00000001,?,?,00747648,00000000,00000000), ref: 00747C7D
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655703230.0000000000747000.00000040.00000001.01000000.00000003.sdmp, Offset: 00747000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_747000_an_api.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID: 9O2H
                • API String ID: 544645111-1121337113
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID: FreeVirtual
                • String ID: F>>Y
                • API String ID: 1263568516-3804029514
                APIs
                • VirtualProtect.KERNELBASE(?,?,00000040,?), ref: 00773CD9
                Memory Dump Source
                • Source File: 00000000.00000002.1655916931.000000000075E000.00000040.00000001.01000000.00000003.sdmp, Offset: 0075E000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_75e000_an_api.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID:
                • API String ID: 544645111-0
                APIs
                • VirtualProtect.KERNELBASE(?,?,00000040,?), ref: 004361CE
                Memory Dump Source
                • Source File: 00000000.00000002.1655119029.0000000000420000.00000020.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_420000_an_api.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID:
                • API String ID: 544645111-0
                APIs
                • VirtualProtect.KERNELBASE(?,?,00000040,?), ref: 004361CE
                Memory Dump Source
                • Source File: 00000000.00000002.1655119029.0000000000420000.00000020.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_420000_an_api.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID:
                • API String ID: 544645111-0
                APIs
                • VirtualProtect.KERNELBASE(?,?,00000040,?,00000000), ref: 0075056A
                Memory Dump Source
                • Source File: 00000000.00000002.1655851065.0000000000750000.00000040.00000001.01000000.00000003.sdmp, Offset: 00750000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_750000_an_api.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID:
                • API String ID: 544645111-0
                APIs
                • ExitProcess.KERNEL32(00000000), ref: 00437BB7
                Memory Dump Source
                • Source File: 00000000.00000002.1655119029.0000000000420000.00000020.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_420000_an_api.jbxd
                Similarity
                • API ID: ExitProcess
                • String ID:
                • API String ID: 621844428-0
                Memory Dump Source
                • Source File: 00000000.00000002.1655119029.0000000000420000.00000020.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_420000_an_api.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID:
                • API String ID: 544645111-0
                APIs
                • VirtualProtect.KERNELBASE(?,?,00000040,?), ref: 007A6093
                Memory Dump Source
                • Source File: 00000000.00000002.1655969725.0000000000790000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_790000_an_api.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID:
                • API String ID: 544645111-0
                Memory Dump Source
                • Source File: 00000000.00000002.1655119029.0000000000420000.00000020.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_420000_an_api.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID:
                • API String ID: 544645111-0
                APIs
                • VirtualProtect.KERNELBASE(?,?,00000040,?), ref: 004361CE
                Memory Dump Source
                • Source File: 00000000.00000002.1655119029.0000000000420000.00000020.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_420000_an_api.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID:
                • API String ID: 544645111-0
                APIs
                • VirtualProtect.KERNELBASE(?,?,00000040,?), ref: 007A6093
                Memory Dump Source
                • Source File: 00000000.00000002.1655969725.0000000000790000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_790000_an_api.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID:
                • API String ID: 544645111-0
                Memory Dump Source
                • Source File: 00000000.00000002.1655916931.000000000075E000.00000040.00000001.01000000.00000003.sdmp, Offset: 0075E000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_75e000_an_api.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID:
                • API String ID: 544645111-0
                Memory Dump Source
                • Source File: 00000000.00000002.1655119029.0000000000420000.00000020.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_420000_an_api.jbxd
                Similarity
                • API ID: ExitProcess
                • String ID:
                • API String ID: 621844428-0
                Memory Dump Source
                • Source File: 00000000.00000002.1655916931.000000000075E000.00000040.00000001.01000000.00000003.sdmp, Offset: 0075E000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_75e000_an_api.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID:
                • API String ID: 544645111-0
                Memory Dump Source
                • Source File: 00000000.00000002.1655916931.000000000075E000.00000040.00000001.01000000.00000003.sdmp, Offset: 0075E000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_75e000_an_api.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID:
                • API String ID: 544645111-0
                APIs
                • VirtualProtect.KERNELBASE(?,?,00000040,?,?,?,?), ref: 004201B8
                Memory Dump Source
                • Source File: 00000000.00000002.1655119029.0000000000420000.00000020.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_420000_an_api.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID:
                • API String ID: 544645111-0
                APIs
                • VirtualProtect.KERNELBASE(?,?,00000040,?,?,?,?), ref: 004201B8
                Memory Dump Source
                • Source File: 00000000.00000002.1655119029.0000000000420000.00000020.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_420000_an_api.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID:
                • API String ID: 544645111-0
                APIs
                • ExitProcess.KERNEL32(00000000), ref: 00437BB7
                Memory Dump Source
                • Source File: 00000000.00000002.1655119029.0000000000420000.00000020.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_420000_an_api.jbxd
                Similarity
                • API ID: ExitProcess
                • String ID:
                • API String ID: 621844428-0
                APIs
                • VirtualProtect.KERNELBASE(?,?,00000040,?), ref: 00773CD9
                Memory Dump Source
                • Source File: 00000000.00000002.1655916931.000000000075E000.00000040.00000001.01000000.00000003.sdmp, Offset: 0075E000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_75e000_an_api.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID:
                • API String ID: 544645111-0
                APIs
                • VirtualProtect.KERNELBASE(?,?,00000040,?), ref: 004361CE
                Memory Dump Source
                • Source File: 00000000.00000002.1655119029.0000000000420000.00000020.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_420000_an_api.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID:
                • API String ID: 544645111-0
                APIs
                • ExitProcess.KERNEL32(00000000), ref: 00437BB7
                Memory Dump Source
                • Source File: 00000000.00000002.1655119029.0000000000420000.00000020.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_420000_an_api.jbxd
                Similarity
                • API ID: ExitProcess
                • String ID:
                • API String ID: 621844428-0
                APIs
                • VirtualProtect.KERNELBASE(?,?,00000040,?,00000000), ref: 0075056A
                Memory Dump Source
                • Source File: 00000000.00000002.1655851065.0000000000750000.00000040.00000001.01000000.00000003.sdmp, Offset: 00750000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_750000_an_api.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID:
                • API String ID: 544645111-0
                APIs
                • VirtualProtect.KERNELBASE(?,?,00000040,?,?,?,?), ref: 004201B8
                Memory Dump Source
                • Source File: 00000000.00000002.1655119029.0000000000420000.00000020.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_420000_an_api.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID:
                • API String ID: 544645111-0
                APIs
                • VirtualProtect.KERNELBASE(?,?,00000040,?), ref: 00773CD9
                Memory Dump Source
                • Source File: 00000000.00000002.1655916931.000000000075E000.00000040.00000001.01000000.00000003.sdmp, Offset: 0075E000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_75e000_an_api.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID:
                • API String ID: 544645111-0
                Memory Dump Source
                • Source File: 00000000.00000002.1655119029.0000000000420000.00000020.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_420000_an_api.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID:
                • API String ID: 544645111-0
                APIs
                • VirtualProtect.KERNELBASE(?,?,00000040,?), ref: 00773CD9
                Memory Dump Source
                • Source File: 00000000.00000002.1655916931.000000000075E000.00000040.00000001.01000000.00000003.sdmp, Offset: 0075E000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_75e000_an_api.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID:
                • API String ID: 544645111-0
                APIs
                • VirtualProtect.KERNELBASE(?,?,00000040,?), ref: 007A6093
                Memory Dump Source
                • Source File: 00000000.00000002.1655969725.0000000000790000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_790000_an_api.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID:
                • API String ID: 544645111-0
                Memory Dump Source
                • Source File: 00000000.00000002.1655916931.000000000075E000.00000040.00000001.01000000.00000003.sdmp, Offset: 0075E000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_75e000_an_api.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                APIs
                • VirtualProtect.KERNELBASE(?,?,00000040,?), ref: 00773CD9
                Memory Dump Source
                • Source File: 00000000.00000002.1655916931.000000000075E000.00000040.00000001.01000000.00000003.sdmp, Offset: 0075E000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_75e000_an_api.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID:
                • API String ID: 544645111-0
                Memory Dump Source
                • Source File: 00000000.00000002.1655969725.0000000000790000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_790000_an_api.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID:
                • API String ID: 544645111-0
                Memory Dump Source
                • Source File: 00000000.00000002.1655916931.000000000075E000.00000040.00000001.01000000.00000003.sdmp, Offset: 0075E000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_75e000_an_api.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID:
                • API String ID: 544645111-0
                APIs
                • VirtualProtect.KERNELBASE(?,?,00000040,?), ref: 007906CB
                Memory Dump Source
                • Source File: 00000000.00000002.1655969725.0000000000790000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_790000_an_api.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID:
                • API String ID: 544645111-0
                APIs
                • VirtualProtect.KERNELBASE(?,?,00000040,?), ref: 00773CD9
                Memory Dump Source
                • Source File: 00000000.00000002.1655916931.000000000075E000.00000040.00000001.01000000.00000003.sdmp, Offset: 0075E000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_75e000_an_api.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID:
                • API String ID: 544645111-0
                Memory Dump Source
                • Source File: 00000000.00000002.1655119029.0000000000420000.00000020.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_420000_an_api.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                APIs
                • VirtualProtect.KERNELBASE(?,?,00000040,?), ref: 007906CB
                Memory Dump Source
                • Source File: 00000000.00000002.1655969725.0000000000790000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_790000_an_api.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID:
                • API String ID: 544645111-0
                APIs
                • VirtualProtect.KERNELBASE(?,?,00000040,?), ref: 007906CB
                Memory Dump Source
                • Source File: 00000000.00000002.1655969725.0000000000790000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_790000_an_api.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID:
                • API String ID: 544645111-0
                APIs
                • VirtualProtect.KERNELBASE(?,?,00000040,?), ref: 007906CB
                Memory Dump Source
                • Source File: 00000000.00000002.1655969725.0000000000790000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_790000_an_api.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID:
                • API String ID: 544645111-0
                APIs
                • VirtualProtect.KERNELBASE(?,?,00000040,?), ref: 004361CE
                Memory Dump Source
                • Source File: 00000000.00000002.1655119029.0000000000420000.00000020.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_420000_an_api.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID:
                • API String ID: 544645111-0
                APIs
                • VirtualProtect.KERNELBASE(?,?,00000040,?,?,?,?), ref: 004201B8
                Memory Dump Source
                • Source File: 00000000.00000002.1655119029.0000000000420000.00000020.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_420000_an_api.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID:
                • API String ID: 544645111-0
                APIs
                • VirtualProtect.KERNELBASE(?,?,00000040,?,?,?,?), ref: 004201B8
                Memory Dump Source
                • Source File: 00000000.00000002.1655119029.0000000000420000.00000020.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_420000_an_api.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID:
                • API String ID: 544645111-0
                Memory Dump Source
                • Source File: 00000000.00000002.1655119029.0000000000420000.00000020.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_420000_an_api.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID:
                • API String ID: 544645111-0
                APIs
                • VirtualProtect.KERNELBASE(?,?,00000040,?), ref: 007906CB
                Memory Dump Source
                • Source File: 00000000.00000002.1655969725.0000000000790000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_790000_an_api.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID:
                • API String ID: 544645111-0
                APIs
                • VirtualProtect.KERNELBASE(?,?,00000040,?), ref: 007A6093
                Memory Dump Source
                • Source File: 00000000.00000002.1655969725.0000000000790000.00000040.00000001.01000000.00000003.sdmp, Offset: 00790000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_790000_an_api.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID:
                • API String ID: 544645111-0
                APIs
                • VirtualProtect.KERNELBASE(?,?,00000040,?), ref: 004361CE
                Memory Dump Source
                • Source File: 00000000.00000002.1655119029.0000000000420000.00000020.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_420000_an_api.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID:
                • API String ID: 544645111-0
                APIs
                • VirtualProtect.KERNELBASE(?,?,00000040,?,00000000), ref: 0075056A
                Memory Dump Source
                • Source File: 00000000.00000002.1655851065.0000000000750000.00000040.00000001.01000000.00000003.sdmp, Offset: 00750000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_750000_an_api.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID:
                • API String ID: 544645111-0
                APIs
                • VirtualProtect.KERNELBASE(?,?,00000040,?,00000000), ref: 0075056A
                Memory Dump Source
                • Source File: 00000000.00000002.1655851065.0000000000750000.00000040.00000001.01000000.00000003.sdmp, Offset: 00750000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_750000_an_api.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID:
                • API String ID: 544645111-0
                APIs
                • VirtualProtect.KERNELBASE(?,?,00000040,?,00000000), ref: 0075056A
                Memory Dump Source
                • Source File: 00000000.00000002.1655851065.0000000000750000.00000040.00000001.01000000.00000003.sdmp, Offset: 00750000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_750000_an_api.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID:
                • API String ID: 544645111-0
                APIs
                • VirtualProtect.KERNELBASE(?,?,00000040,?,00000000), ref: 0075056A
                Memory Dump Source
                • Source File: 00000000.00000002.1655851065.0000000000750000.00000040.00000001.01000000.00000003.sdmp, Offset: 00750000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_750000_an_api.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID:
                • API String ID: 544645111-0
                Memory Dump Source
                • Source File: 00000000.00000002.1655119029.0000000000420000.00000020.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_420000_an_api.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID:
                • API String ID: 544645111-0
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                APIs
                • ExitProcess.KERNEL32(00000000), ref: 00437BB7
                Memory Dump Source
                • Source File: 00000000.00000002.1655119029.0000000000420000.00000020.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_420000_an_api.jbxd
                Similarity
                • API ID: ExitProcess
                • String ID:
                • API String ID: 621844428-0
                APIs
                • VirtualProtect.KERNELBASE(?,?,00000040,?), ref: 004361CE
                Memory Dump Source
                • Source File: 00000000.00000002.1655119029.0000000000420000.00000020.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_420000_an_api.jbxd
                Similarity
                • API ID: ProtectVirtual
                • String ID:
                • API String ID: 544645111-0
                APIs
                • ExitProcess.KERNEL32(00000000), ref: 00437BB7
                Memory Dump Source
                • Source File: 00000000.00000002.1655119029.0000000000420000.00000020.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_420000_an_api.jbxd
                Similarity
                • API ID: ExitProcess
                • String ID:
                • API String ID: 621844428-0
                APIs
                • VirtualFree.KERNELBASE(?,00000000,00008000), ref: 007419B4
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID: FreeVirtual
                • String ID:
                • API String ID: 1263568516-0
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID: FreeVirtual
                • String ID:
                • API String ID: 1263568516-0
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID: FreeVirtual
                • String ID:
                • API String ID: 1263568516-0
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID: FreeVirtual
                • String ID:
                • API String ID: 1263568516-0
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID: FreeVirtual
                • String ID:
                • API String ID: 1263568516-0
                APIs
                • VirtualFree.KERNELBASE(?,00000000,00008000), ref: 007419B4
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID: FreeVirtual
                • String ID:
                • API String ID: 1263568516-0
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID: FreeVirtual
                • String ID:
                • API String ID: 1263568516-0
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID: FreeVirtual
                • String ID:
                • API String ID: 1263568516-0
                APIs
                • VirtualFree.KERNELBASE(?,00000000,00008000), ref: 007419B4
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID: FreeVirtual
                • String ID:
                • API String ID: 1263568516-0
                APIs
                • VirtualFree.KERNELBASE(?,00000000,00008000), ref: 007419B4
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID: FreeVirtual
                • String ID:
                • API String ID: 1263568516-0
                APIs
                • VirtualFree.KERNELBASE(?,00000000,00008000), ref: 007419B4
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID: FreeVirtual
                • String ID:
                • API String ID: 1263568516-0
                APIs
                • VirtualFree.KERNELBASE(?,00000000,00008000), ref: 007419B4
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID: FreeVirtual
                • String ID:
                • API String ID: 1263568516-0
                APIs
                • VirtualFree.KERNELBASE(?,00000000,00008000), ref: 007419B4
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID: FreeVirtual
                • String ID:
                • API String ID: 1263568516-0
                APIs
                • VirtualFree.KERNELBASE(?,00000000,00008000), ref: 007419B4
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID: FreeVirtual
                • String ID:
                • API String ID: 1263568516-0
                APIs
                • VirtualFree.KERNELBASE(?,00000000,00008000), ref: 007419B4
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID: FreeVirtual
                • String ID:
                • API String ID: 1263568516-0
                APIs
                • VirtualFree.KERNELBASE(?,00000000,00008000), ref: 007419B4
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID: FreeVirtual
                • String ID:
                • API String ID: 1263568516-0
                APIs
                • VirtualFree.KERNELBASE(?,00000000,00008000), ref: 007419B4
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID: FreeVirtual
                • String ID:
                • API String ID: 1263568516-0
                APIs
                • VirtualFree.KERNELBASE(?,00000000,00008000), ref: 007419B4
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID: FreeVirtual
                • String ID:
                • API String ID: 1263568516-0
                APIs
                • VirtualFree.KERNELBASE(?,00000000,00008000), ref: 007419B4
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID: FreeVirtual
                • String ID:
                • API String ID: 1263568516-0
                APIs
                • VirtualFree.KERNELBASE(?,00000000,00008000), ref: 007419B4
                Memory Dump Source
                • Source File: 00000000.00000002.1655533962.000000000073B000.00000040.00000001.01000000.00000003.sdmp, Offset: 0073B000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73b000_an_api.jbxd
                Similarity
                • API ID: FreeVirtual
                • String ID:
                • API String ID: 1263568516-0
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655916931.000000000075E000.00000040.00000001.01000000.00000003.sdmp, Offset: 0075E000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_75e000_an_api.jbxd
                Similarity
                • API ID:
                • String ID: E$GI4<$L$L$L$L$P$Q$W$W$a$a$a$a$b$b$c$d$d$e$i$i$i$o$o$o$r$r$r$r$r$s$s$t$x$y$y
                • API String ID: 0-1574106720
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655916931.000000000075E000.00000040.00000001.01000000.00000003.sdmp, Offset: 0075E000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_75e000_an_api.jbxd
                Similarity
                • API ID:
                • String ID: E$GI4<$L$L$L$L$P$Q$W$W$a$a$a$a$b$b$c$d$d$e$i$i$i$o$o$o$r$r$r$r$r$s$s$t$x$y$y
                • API String ID: 0-1574106720
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655916931.000000000075E000.00000040.00000001.01000000.00000003.sdmp, Offset: 0075E000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_75e000_an_api.jbxd
                Similarity
                • API ID:
                • String ID: E$GI4<$L$L$L$L$P$W$W$a$a$a$a$b$b$c$d$d$e$i$i$i$o$o$o$r$r$r$r$r$s$s$t$x$y$y
                • API String ID: 0-1043747905
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655916931.000000000075E000.00000040.00000001.01000000.00000003.sdmp, Offset: 0075E000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_75e000_an_api.jbxd
                Similarity
                • API ID:
                • String ID: E$GI4<$L$L$L$L$P$W$W$a$a$a$a$b$b$c$d$d$e$i$i$i$o$o$o$r$r$r$r$r$s$s$t$x$y$y
                • API String ID: 0-1043747905
                • Opcode ID: 266954a3e2accfdd4b6a7941801b51c83b09180020631cd32568fee549ec5609
                • Instruction ID: 66c7a79897db58b7a12ae4a746521455f2a31236dabafccf7e4a30f490a05003
                • Opcode Fuzzy Hash: 266954a3e2accfdd4b6a7941801b51c83b09180020631cd32568fee549ec5609
                • Instruction Fuzzy Hash: 9012E2A1D082A88AEB249B24DC58BEABB75EF51300F1440F9D54DA7281D7BD4FC5CF62
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655916931.000000000075E000.00000040.00000001.01000000.00000003.sdmp, Offset: 0075E000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_75e000_an_api.jbxd
                Similarity
                • API ID:
                • String ID: D$E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                • API String ID: 0-135341007
                • Opcode ID: d3b8882e80d641c566cfbb0e8f16a8c4114816c82183173e239c10d838d5ad63
                • Instruction ID: ed7ece5de607a9b13befe89c7317d60eaad4fee2447d6b99966710e3ff36ae37
                • Opcode Fuzzy Hash: d3b8882e80d641c566cfbb0e8f16a8c4114816c82183173e239c10d838d5ad63
                • Instruction Fuzzy Hash: 6422DF71D082A88AEB248A28CC58BEA7BB5EF51304F1440F9D54DA7281D7BE5FC5CF52
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655916931.000000000075E000.00000040.00000001.01000000.00000003.sdmp, Offset: 0075E000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_75e000_an_api.jbxd
                Similarity
                • API ID:
                • String ID: E$GI4<$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                • API String ID: 0-3162309216
                • Opcode ID: 6426bacbaf6c9af287df4e56af580889ee39eb91d49e75e3259d4a32fe8ebf5b
                • Instruction ID: b092de671bdc1b57ba49222297d6b0a694199c4de1fc2a4cd1611cbcfaefdb6f
                • Opcode Fuzzy Hash: 6426bacbaf6c9af287df4e56af580889ee39eb91d49e75e3259d4a32fe8ebf5b
                • Instruction Fuzzy Hash: 5F0203B2D082A88AE7249A24DC58BEABB75EF50310F1440FAD54DA7281D7BD4FC5CF52
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655916931.000000000075E000.00000040.00000001.01000000.00000003.sdmp, Offset: 0075E000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_75e000_an_api.jbxd
                Similarity
                • API ID:
                • String ID: E$GI4<$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                • API String ID: 0-3162309216
                • Opcode ID: d2f81c751735284bc6a0500bf0aed8e2a5977d6cb2f1720155da4cea9d565bc0
                • Instruction ID: fa2cffacc37f9b606df185b6c0807225ce9484181724cc4fc2ea360fdf8a0d8b
                • Opcode Fuzzy Hash: d2f81c751735284bc6a0500bf0aed8e2a5977d6cb2f1720155da4cea9d565bc0
                • Instruction Fuzzy Hash: 83E1F2B1D082A88AEB249B24DC587EABB75EF41310F1440FAD54D67281E7BD4FC5CB62
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655119029.0000000000420000.00000020.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_420000_an_api.jbxd
                Similarity
                • API ID:
                • String ID: E$L$L$P$W$ZW$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                • API String ID: 0-2067304671
                • Opcode ID: 6884dc09f6807419133ca125fe337769de98ea77ab4d4ff6a915d334f191ad04
                • Instruction ID: 1a62dafd52f08700fd96b3d3a82f1296e47a53c716c1d27dd4c31ff3663bf475
                • Opcode Fuzzy Hash: 6884dc09f6807419133ca125fe337769de98ea77ab4d4ff6a915d334f191ad04
                • Instruction Fuzzy Hash: D1D1F2B1D086A88AEB208B24DC547EABBB5FF55300F1480FAD44D67281D77A1EC5CF66
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655119029.0000000000420000.00000020.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_420000_an_api.jbxd
                Similarity
                • API ID:
                • String ID: E$L$L$P$W$ZW$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                • API String ID: 0-2067304671
                • Opcode ID: bca731d557083ac2d838db67da0c275d938bd3c941c2500fc51bd391487bc4f2
                • Instruction ID: 312ba07da9647d979e4b96f47b40c8179140f13b07d6ee7fb18778010b5d2f3f
                • Opcode Fuzzy Hash: bca731d557083ac2d838db67da0c275d938bd3c941c2500fc51bd391487bc4f2
                • Instruction Fuzzy Hash: DAD1D4B1D08668CAE720CA24EC447EA7BB5EF91304F1480FAD44D66681D67E0FC5CF66
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655119029.0000000000420000.00000020.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_420000_an_api.jbxd
                Similarity
                • API ID:
                • String ID: E$L$L$P$W$ZW$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                • API String ID: 0-2067304671
                • Opcode ID: c91b30166e010125e2550344fbd474346124e2c02b1059b0c6d1e210be5c41d0
                • Instruction ID: 399b9e6f64d8f7249ba1407fbd80b444c8719853eb1ea75e381ec485fb907e84
                • Opcode Fuzzy Hash: c91b30166e010125e2550344fbd474346124e2c02b1059b0c6d1e210be5c41d0
                • Instruction Fuzzy Hash: 10D1D3B1E08668CAE720CA24EC447EA7BB5EF95304F1480FAD44D56281D67E1FC5CF66
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655119029.0000000000420000.00000020.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_420000_an_api.jbxd
                Similarity
                • API ID:
                • String ID: E$L$L$P$W$ZW$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                • API String ID: 0-2067304671
                • Opcode ID: 40c6dc6acf07bca7c8174b6a7a669edb2fe1649cc0fe414cfe0b64edd132f5ad
                • Instruction ID: 457ba576cb818cd03b5a18fcb270c97991678a77ab083acc269a765419bd989c
                • Opcode Fuzzy Hash: 40c6dc6acf07bca7c8174b6a7a669edb2fe1649cc0fe414cfe0b64edd132f5ad
                • Instruction Fuzzy Hash: 0CC1C3B1E08668CAE720CA24EC447EA7BB5EF91304F1480FAD44D66681D67E1FC5CF66
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655119029.0000000000420000.00000020.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_420000_an_api.jbxd
                Similarity
                • API ID:
                • String ID: E$L$L$P$W$ZW$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                • API String ID: 0-2067304671
                • Opcode ID: d0bc87a06825b68966a15600f72d9094f785653f55d68025b0e8b719de5755a2
                • Instruction ID: 31622d7732b8c28b5b5aadc4b497fd75813791d80474b5a8510f6b916e81ed1c
                • Opcode Fuzzy Hash: d0bc87a06825b68966a15600f72d9094f785653f55d68025b0e8b719de5755a2
                • Instruction Fuzzy Hash: F2C1C271D086A8CAEB208B24DC547EABBB5EF55304F0480FAD48D66281D77E1EC5CF66
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655916931.000000000075E000.00000040.00000001.01000000.00000003.sdmp, Offset: 0075E000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_75e000_an_api.jbxd
                Similarity
                • API ID:
                • String ID: E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                • API String ID: 0-215400123
                • Opcode ID: 9a464d1d44b70f7d47821e83393f9b7598e8252890378e76db8e81f04c4fca22
                • Instruction ID: 235ff28340f3aaea9d46d075871ee25bcc97a262a55d55abe4c1e055747e230e
                • Opcode Fuzzy Hash: 9a464d1d44b70f7d47821e83393f9b7598e8252890378e76db8e81f04c4fca22
                • Instruction Fuzzy Hash: 5E32ADB1D046A88BEB249B24CC94BEABBB5EF54304F1480EAD84D67281D7795FC1CF52
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655916931.000000000075E000.00000040.00000001.01000000.00000003.sdmp, Offset: 0075E000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_75e000_an_api.jbxd
                Similarity
                • API ID:
                • String ID: E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                • API String ID: 0-215400123
                • Opcode ID: 1de8418cc756fd7f90441e97517f237176fad07a9d7e2a91b2cc54c41d96eb6f
                • Instruction ID: b3b72635985119a0dfe2a11eace50938fcf60c106b800881e5afc48731af08f0
                • Opcode Fuzzy Hash: 1de8418cc756fd7f90441e97517f237176fad07a9d7e2a91b2cc54c41d96eb6f
                • Instruction Fuzzy Hash: A022D1B1E086A88AEB20CB24DC54BEABB75EF95304F1480F9D44DA7241D6B95FC1CF52
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655916931.000000000075E000.00000040.00000001.01000000.00000003.sdmp, Offset: 0075E000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_75e000_an_api.jbxd
                Similarity
                • API ID:
                • String ID: E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                • API String ID: 0-215400123
                • Opcode ID: 1dd9f53bde0901b270478d3c8e74899919b5f03b8fcc3f6c7ebb664cbc814dfc
                • Instruction ID: b5c7fb0f71666e73fa0cb22bafc2b9ad50f08a63a9983cc2fd85aa4f0e0cb3dd
                • Opcode Fuzzy Hash: 1dd9f53bde0901b270478d3c8e74899919b5f03b8fcc3f6c7ebb664cbc814dfc
                • Instruction Fuzzy Hash: 590223B1D082A89AEB248B24DC58BEA7B75EF51300F0480F9D54D67281D6BD5FC58F62
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655916931.000000000075E000.00000040.00000001.01000000.00000003.sdmp, Offset: 0075E000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_75e000_an_api.jbxd
                Similarity
                • API ID:
                • String ID: E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                • API String ID: 0-215400123
                • Opcode ID: f79649a4a656f4cef3cb1d33814fa44f00ef7b01f062ecb3e173650cb600a2f2
                • Instruction ID: 68ad9ca7a6d86f953574bcf2edad5d4cb86463333d05f4a5be7c675f8bc30dd0
                • Opcode Fuzzy Hash: f79649a4a656f4cef3cb1d33814fa44f00ef7b01f062ecb3e173650cb600a2f2
                • Instruction Fuzzy Hash: B412BE71D085A88AEB24DA28DC58BEABB75EF84304F1441FAC84DA7281D77D5EC1CF51
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655916931.000000000075E000.00000040.00000001.01000000.00000003.sdmp, Offset: 0075E000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_75e000_an_api.jbxd
                Similarity
                • API ID:
                • String ID: E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                • API String ID: 0-215400123
                • Opcode ID: cffe2869df89a3926286d785de849b0e339101d0f1aae96676cdfd2a45119da7
                • Instruction ID: 81249e479190f373a63894bbe781352ad6fa508cb079d716cb1fe2a47003a4de
                • Opcode Fuzzy Hash: cffe2869df89a3926286d785de849b0e339101d0f1aae96676cdfd2a45119da7
                • Instruction Fuzzy Hash: 88F1D1B1D086A88AE7249B24DC58BEABB75EF50300F1440FAD94D67282D7BD4FC58F52
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655916931.000000000075E000.00000040.00000001.01000000.00000003.sdmp, Offset: 0075E000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_75e000_an_api.jbxd
                Similarity
                • API ID:
                • String ID: E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                • API String ID: 0-215400123
                • Opcode ID: 04bd3582d22deb2285ba8a03ee4b9350b7919bd7ecd6c8fc16e17e84ac113bff
                • Instruction ID: 50b7b02db3fe6f0264690a5f555850647b16452a4276ae9a0a8aaa3204ca9947
                • Opcode Fuzzy Hash: 04bd3582d22deb2285ba8a03ee4b9350b7919bd7ecd6c8fc16e17e84ac113bff
                • Instruction Fuzzy Hash: A5F1F271D092A8CAEB248B24CC58BEABB75EF55304F1440F9D54C67282D6BD4EC5CF62
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655916931.000000000075E000.00000040.00000001.01000000.00000003.sdmp, Offset: 0075E000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_75e000_an_api.jbxd
                Similarity
                • API ID:
                • String ID: E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                • API String ID: 0-215400123
                • Opcode ID: a77b28ff3bb7093f9a1545223ce865cd9b77b413758781b67133b2b1bb0f4218
                • Instruction ID: 952cccd9c8750612ee1c6d63ed7c2d94f586c0d26cfd23f737ea4d02c8928170
                • Opcode Fuzzy Hash: a77b28ff3bb7093f9a1545223ce865cd9b77b413758781b67133b2b1bb0f4218
                • Instruction Fuzzy Hash: B6E1E0B1D086A88AEB248B24CC587EABB75EF51300F0480FAD54D67281D6BD5FC5CF62
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655916931.000000000075E000.00000040.00000001.01000000.00000003.sdmp, Offset: 0075E000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_75e000_an_api.jbxd
                Similarity
                • API ID:
                • String ID: C$R$T$a$a$d$e$e$e$e$e$h$m$o$r$r$t$t
                • API String ID: 0-3634710157
                • Opcode ID: f02f132d57666e3574437993b449ef24b14a2c8cfb12e0383a42ab908d2986fb
                • Instruction ID: d99a33adc260bbd50e1592124759554d38fba80d23649436d300d72fa69c4560
                • Opcode Fuzzy Hash: f02f132d57666e3574437993b449ef24b14a2c8cfb12e0383a42ab908d2986fb
                • Instruction Fuzzy Hash: 3632B605A2866887DB68DF799C1968BB3B3EF59300F00D4FD840DE7264F7754A898B1E
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655916931.000000000075E000.00000040.00000001.01000000.00000003.sdmp, Offset: 0075E000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_75e000_an_api.jbxd
                Similarity
                • API ID:
                • String ID: F$G$M$N$W$a$d$e$e$e$e$i$l$l$m$o$t$u
                • API String ID: 0-1985676396
                • Opcode ID: 2bc544473ca75e4220944434ce9b602564096081830bb9589744e3eeea8952f2
                • Instruction ID: c4ce32d0a7f91e719faed16611b7fa1062fd540897177c526a836d255dfc9189
                • Opcode Fuzzy Hash: 2bc544473ca75e4220944434ce9b602564096081830bb9589744e3eeea8952f2
                • Instruction Fuzzy Hash: 2FA1F621F2866887DB38C7398C092DAA6B2AF55300F04D4FD940DE7661EB754BC88F1B
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655119029.0000000000420000.00000020.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_420000_an_api.jbxd
                Similarity
                • API ID:
                • String ID: E$GO4;$P$S$ZW$c$e$i$o$r$s$s$t$x
                • API String ID: 0-997999129
                • Opcode ID: 7442e1ee39597f0a7d528289398039c508dcb03cfd256f66ead235634299ae24
                • Instruction ID: fa1b923000bc958da1a5f473ac806438125c2c20aba1c7e81f80ecf14b67d058
                • Opcode Fuzzy Hash: 7442e1ee39597f0a7d528289398039c508dcb03cfd256f66ead235634299ae24
                • Instruction Fuzzy Hash: ACA1C5B1D042688FE7208B24DC947EABBB5FF55304F1481EAD84897281E7785EC6CF66
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655119029.0000000000420000.00000020.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_420000_an_api.jbxd
                Similarity
                • API ID:
                • String ID: 7;88$E$P$ZW$c$e$i$o$r$s$s$t$t9]$x
                • API String ID: 0-2649472270
                • Opcode ID: 2a9125c8a67d881afb7513199dcad762469df424c863960bb55e8a5d32c78142
                • Instruction ID: a79ecf8f6e2fce775134e13fb1e3a8bbceb59c23c72f57ec1cfd22f84db61a25
                • Opcode Fuzzy Hash: 2a9125c8a67d881afb7513199dcad762469df424c863960bb55e8a5d32c78142
                • Instruction Fuzzy Hash: 175126B0D092B48EEB208A15EC543FE7BB4BB51304F1481FFD84926281DA7D1AC68F66
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655119029.0000000000420000.00000020.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_420000_an_api.jbxd
                Similarity
                • API ID:
                • String ID: 7;88$E$P$ZW$c$e$i$o$r$s$s$t$t9]$x
                • API String ID: 0-2649472270
                • Opcode ID: b649a8c5490ec10d4641fb4aabc8a5504f61e675b2cbbc1271b139d025eb7101
                • Instruction ID: 823eb72bed04e99cbc6077fdd000a94a068aef3575460ec882576e58ddbc0ee0
                • Opcode Fuzzy Hash: b649a8c5490ec10d4641fb4aabc8a5504f61e675b2cbbc1271b139d025eb7101
                • Instruction Fuzzy Hash: B65116B0D092B58EEB208A15EC543EE7BB1BB51304F1481FFD44866281DA7D1AC58F66
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655916931.000000000075E000.00000040.00000001.01000000.00000003.sdmp, Offset: 0075E000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_75e000_an_api.jbxd
                Similarity
                • API ID:
                • String ID: BHGN$L$L$W$a$a$b$d$i$o$r$r$y
                • API String ID: 0-2036050423
                • Opcode ID: 2115da52119918d95fe9d719cc802a47d05ab6871b6eb6661b50906555f00461
                • Instruction ID: 761a15f2acc9a814dff3f1a28c27c1123f75687f86b548b1cbe02924999ee42e
                • Opcode Fuzzy Hash: 2115da52119918d95fe9d719cc802a47d05ab6871b6eb6661b50906555f00461
                • Instruction Fuzzy Hash: C5A122B1D046A89AFB208A24DC48BEA7B75EF91300F1441FAD84D97680D27D5FD6CF62
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655119029.0000000000420000.00000020.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_420000_an_api.jbxd
                Similarity
                • API ID:
                • String ID: E$P$S$ZW$c$e$i$o$r$s$s$t$x
                • API String ID: 0-2363549787
                • Opcode ID: 50e9a459ceb6b323e7b48693e69c493b962a65748f4484499f1d60290d782b62
                • Instruction ID: 5e7365f62837b5ec9b0d291fd2f837ed53bfcde56a44b92802375997cf332f8c
                • Opcode Fuzzy Hash: 50e9a459ceb6b323e7b48693e69c493b962a65748f4484499f1d60290d782b62
                • Instruction Fuzzy Hash: AE91E7B1D042688EEB208B24DC547EABBB4FF55304F1481EAD44C56382E7785EC6CF66
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655119029.0000000000420000.00000020.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_420000_an_api.jbxd
                Similarity
                • API ID:
                • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                • API String ID: 0-4069139063
                • Opcode ID: acdc7ac307c9ea54544fa48383aa6a24a5d86a6ca8ea1fde402e9fbf717f2d67
                • Instruction ID: 91b0546b3767bd177bf691341a27b03fa266a6ce9096ac2e5551111cce0de359
                • Opcode Fuzzy Hash: acdc7ac307c9ea54544fa48383aa6a24a5d86a6ca8ea1fde402e9fbf717f2d67
                • Instruction Fuzzy Hash: 4802CDB1D042698BEB308B14DC84BEABB76EB88314F1481FAD84D27380D6795EC6CF55
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655119029.0000000000420000.00000020.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_420000_an_api.jbxd
                Similarity
                • API ID:
                • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                • API String ID: 0-4069139063
                • Opcode ID: 47277a1450e8044b4040204d7922c67fc22a99caddca3b025ee3a5063deccda1
                • Instruction ID: 77e87f1897255ddc7dadaa31d0cf81be330dd2c624b1e61363c97a296ece8459
                • Opcode Fuzzy Hash: 47277a1450e8044b4040204d7922c67fc22a99caddca3b025ee3a5063deccda1
                • Instruction Fuzzy Hash: E8F1D0B1D042688AF724CA24CD80BEABBB1FF94314F1480FAD44D67680DA795FC68F65
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655119029.0000000000420000.00000020.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_420000_an_api.jbxd
                Similarity
                • API ID:
                • String ID: E$P$ZW$c$e$i$o$r$s$s$t$x
                • API String ID: 0-2480995554
                • Opcode ID: dd5673eafceec4786a9d3f2e1e0f358f53a6eb95bdbe1da15b537efe7c7b5f7d
                • Instruction ID: 62d729b076ce35f3d21b64497a916669a95496a4a5be780719425f1f297876e1
                • Opcode Fuzzy Hash: dd5673eafceec4786a9d3f2e1e0f358f53a6eb95bdbe1da15b537efe7c7b5f7d
                • Instruction Fuzzy Hash: 28E1D0B1E051288FEB24CA14CCA4BEAB7B1EB84314F1092EAD44D67681D7785FC6CF56
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655916931.000000000075E000.00000040.00000001.01000000.00000003.sdmp, Offset: 0075E000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_75e000_an_api.jbxd
                Similarity
                • API ID:
                • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                • API String ID: 0-4069139063
                • Opcode ID: 574dd7b83512b242ee4f78a1350dbf550a8a83974eaff7099a61805afc8e0465
                • Instruction ID: 956853df53113352f344bf9932db612518d3be6bacfd7bae73c70adc2b6bb0aa
                • Opcode Fuzzy Hash: 574dd7b83512b242ee4f78a1350dbf550a8a83974eaff7099a61805afc8e0465
                • Instruction Fuzzy Hash: 65C10EB1D446A88AEB209B24DC48BEAB775EF50304F1440EAD84DA7680D27C5FD5CF62
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655916931.000000000075E000.00000040.00000001.01000000.00000003.sdmp, Offset: 0075E000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_75e000_an_api.jbxd
                Similarity
                • API ID:
                • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                • API String ID: 0-4069139063
                • Opcode ID: 2265297403b7a21f89c59f31ff24d1e6dff9b70e39861881156f2c9f04e69c3e
                • Instruction ID: d40749676aec672c65378894e557880502d744d3943aa4cf90f25300bf9dfd71
                • Opcode Fuzzy Hash: 2265297403b7a21f89c59f31ff24d1e6dff9b70e39861881156f2c9f04e69c3e
                • Instruction Fuzzy Hash: D1C110B1D056A88EEB208A24DC48BEABB75EF55304F0440FAD84DA7A80D27D5FD5CF52
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655119029.0000000000420000.00000020.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_420000_an_api.jbxd
                Similarity
                • API ID:
                • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                • API String ID: 0-4069139063
                • Opcode ID: d36f9a07d92ae84150104e30c016e023dea8309e82dca0b5a86342c7a0e0541f
                • Instruction ID: 422e0aac25de425ca1dbaec1a4d6c37f6f8ce805ee006e5bad4a0c8650b3c46c
                • Opcode Fuzzy Hash: d36f9a07d92ae84150104e30c016e023dea8309e82dca0b5a86342c7a0e0541f
                • Instruction Fuzzy Hash: 32C1E3A1E142A88AF7208B24DC54BEA7B75EF50300F5480FED44DA7281D77D5ECACB66
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655119029.0000000000420000.00000020.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_420000_an_api.jbxd
                Similarity
                • API ID:
                • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                • API String ID: 0-4069139063
                • Opcode ID: f2cb30a31b19762b384d10034e618d3478997d73e684a16cb82bfdc58643556d
                • Instruction ID: f7461310f1a785a953084082ed59c155da9a641f7b834ff86ae80a315ed5935d
                • Opcode Fuzzy Hash: f2cb30a31b19762b384d10034e618d3478997d73e684a16cb82bfdc58643556d
                • Instruction Fuzzy Hash: 75B154B1D0416A9AE7208B20CC44BFAB775EF95304F1490FAD84D9B281E63D5FC6CB66
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655916931.000000000075E000.00000040.00000001.01000000.00000003.sdmp, Offset: 0075E000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_75e000_an_api.jbxd
                Similarity
                • API ID:
                • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                • API String ID: 0-4069139063
                • Opcode ID: 4c3645447d78d400222ae8e7d1813cad547fd90de5c85c6c24efcac0a1e0da6b
                • Instruction ID: 25ee816420852da5dfd73641dcb4b8dbf7f54389f61ac2ef3b5f9fbedf58660e
                • Opcode Fuzzy Hash: 4c3645447d78d400222ae8e7d1813cad547fd90de5c85c6c24efcac0a1e0da6b
                • Instruction Fuzzy Hash: 8AB1BEB1D046698AEB208B24DC887FABA75EF51304F1480FAD44D97281D3B95FC1CF62
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655119029.0000000000420000.00000020.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_420000_an_api.jbxd
                Similarity
                • API ID:
                • String ID: E$P$ZW$c$e$i$o$r$s$s$t$x
                • API String ID: 0-2480995554
                • Opcode ID: 478ed3d3704e8c64af3f2b1106ebbbffd393a4a276bc4511822b1292b0d829b2
                • Instruction ID: 4f79d3aea6fbefb617f506bc899f28b06ec3658c0fc1c5c2295baec394cd660f
                • Opcode Fuzzy Hash: 478ed3d3704e8c64af3f2b1106ebbbffd393a4a276bc4511822b1292b0d829b2
                • Instruction Fuzzy Hash: 989123B2D046688EE7208B24DC847EBBBB4EF55314F1481FAD84C66281D67D1EC5CFA6
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655119029.0000000000420000.00000020.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_420000_an_api.jbxd
                Similarity
                • API ID:
                • String ID: E$P$ZW$c$e$i$o$r$s$s$t$x
                • API String ID: 0-2480995554
                • Opcode ID: 64efb5ad26f63117741f59cc55abb7bdc56387d852c01cda2c74319b135846f2
                • Instruction ID: 77eb7800781590f5405df9a4f764b9fa11cd58527ad6d6829ac290263fcaa522
                • Opcode Fuzzy Hash: 64efb5ad26f63117741f59cc55abb7bdc56387d852c01cda2c74319b135846f2
                • Instruction Fuzzy Hash: A08137B1D046688AEB208B24DC843EA7BB4FF55314F1481FAD88C66281D67D1EC5CF66
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655916931.000000000075E000.00000040.00000001.01000000.00000003.sdmp, Offset: 0075E000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_75e000_an_api.jbxd
                Similarity
                • API ID:
                • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                • API String ID: 0-4069139063
                • Opcode ID: 93b83d0b3c314c1b59c5655aeddbe00400ba21654ee07bd31f629166b44aad48
                • Instruction ID: a5d0c1caf1c3ae445b2811989ac6f6d25b05efed1cec3d7ccc2dfbdf51f1652b
                • Opcode Fuzzy Hash: 93b83d0b3c314c1b59c5655aeddbe00400ba21654ee07bd31f629166b44aad48
                • Instruction Fuzzy Hash: 8F7101B1D046A4DEF7208A14DC48BEABB79EB41314F1441FAD84D96280C37D9FD58F62
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655119029.0000000000420000.00000020.00000001.01000000.00000003.sdmp, Offset: 00420000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_420000_an_api.jbxd
                Similarity
                • API ID:
                • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                • API String ID: 0-4069139063
                • Opcode ID: 3032e427d8a566b3088da659f23c7c627e91a62785a5d4ab4ecdb67e293094a6
                • Instruction ID: 9ffd6caa521c18d701f8b8be85c2100a88481ffcdb919318203772b8ea21ba01
                • Opcode Fuzzy Hash: 3032e427d8a566b3088da659f23c7c627e91a62785a5d4ab4ecdb67e293094a6
                • Instruction Fuzzy Hash: C551C471D042948AF721CA24DD44BEABBB1FF95304F1490FAD44C67281DA7A4FC58F6A
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655916931.000000000075E000.00000040.00000001.01000000.00000003.sdmp, Offset: 0075E000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_75e000_an_api.jbxd
                Similarity
                • API ID:
                • String ID: bu
                • API String ID: 0-348810805
                • Opcode ID: 09a452841d8de8229ec3f5f936c7df0f91fe662c2023ce46431a16a20c7f0779
                • Instruction ID: 0643500985b96cf078d413622d8d1a1588d874e7e2532311fe09c0cadbc4ec3c
                • Opcode Fuzzy Hash: 09a452841d8de8229ec3f5f936c7df0f91fe662c2023ce46431a16a20c7f0779
                • Instruction Fuzzy Hash: A251CFB1D05568CEDB209F25DC54AEAB7B5FF84302F0081FAD8499A291E7784EC5CF91
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.1655916931.000000000075E000.00000040.00000001.01000000.00000003.sdmp, Offset: 0075E000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_75e000_an_api.jbxd
                Similarity
                • API ID:
                • String ID: [V
                • API String ID: 0-2440606292